praveenkumar@zohocorp.com

Attack Techniques & Threat Modeling Security Operations for Identity

Tracking privilege escalation in Azure AD

December 19, 2025

Tracking Privilege Escalation in Azure AD (Microsoft Entra ID) Privilege escalation in Microsoft Entra ID (formerly Azure AD) rarely looks like a single “hacker flips a switch” moment. In real environments, it’s usually a chain of small, legitimate-looking changes—role assignments, consent grants, group membership edits, Conditional Access exceptions, or…

Zero Trust architecture with Entra at the core

December 19, 2025

Zero Trust Architecture with Microsoft Entra at the Core Zero Trust is not a product you “turn on.” It’s an operating model for security where every access request is treated as hostile until proven otherwise. The big shift is psychological and architectural: you stop trusting network location (VPN, office LAN, “inside”) and you start trusting verified identity +…

Recovering deleted users and groups in Entra

November 21, 2025

Recovering Deleted Users and Groups in Microsoft Entra ID Accidental deletion in Entra can feel like an outage: users can’t sign in, group-based access breaks, app assignments disappear, and you’re suddenly racing the clock. The good news: most Entra objects are soft-deleted first (a “recycle bin”), which gives you a recovery window—if you know where to…

Secure score improvements using Entra ID insights

November 21, 2025

Secure Score Improvements Using Entra ID Insights Microsoft Secure Score is most useful when it’s treated as a risk-reduction roadmap, not a vanity metric. If Microsoft Entra ID (formerly Azure AD) is your identity control plane, then the best Secure Score gains usually come from identity-driven changes: stronger authentication, tighter access conditions, reduced privilege…

Setting up MFA policies in hybrid environments

November 21, 2025

What you’ll build Hybrid MFA basics: where MFA can be enforced Prerequisites and guardrails (don’t skip) A practical MFA policy model for hybrid orgs Implementation steps in Entra Conditional Access Extending MFA to on-prem apps, VPN, and RADIUS Rollout plan: pilot → broad deployment Monitoring and troubleshooting Ready-to-use policy templates FAQs …

Identity Governance Microsoft Entra ID

Creating compliance alerts with Entra Identity Governance

November 14, 2025

Creating Compliance Alerts with Microsoft Entra Identity Governance “Compliance alerts” in identity land are simple: you define what should be true (policy), detect when reality drifts (signal), and notify the right owner fast enough to fix it (response). Microsoft Entra Identity Governance (Identity Governance) gives you strong policy primitives—like access reviews, …

How to detect Golden Ticket attacks

November 14, 2025

How to Detect Golden Ticket Attacks in Active Directory A Golden Ticket attack is one of the most damaging post-compromise techniques in Active Directory: an attacker forges a Kerberos Ticket Granting Ticket (TGT) using the KRBTGT account secret, then impersonates any user (often Domain Admin) to access domain resources while blending into “normal”…

Detecting Kerberoasting with PowerShell and logs

November 14, 2025

Detecting Kerberoasting with PowerShell and Logs Kerberoasting is an Active Directory attack technique where an attacker requests Kerberos service tickets (TGS) for accounts that have Service Principal Names (SPNs), then cracks the ticket offline to recover the service account password. Because it uses legitimate Kerberos flows, the key to detection is understanding what…

Mapping legacy AD groups to Entra roles

November 14, 2025

Mapping Legacy Active Directory Groups to Microsoft Entra Roles Legacy Active Directory (AD) group designs often carry years of historical decisions: “one group per admin team,” “one group per tool,” and the classic “Domain Admins-but-not-really” pattern. In Microsoft Entra ID, the control surface changes: privileged actions are driven by roles (directory…

Simulating AD attacks with Purple Team labs

November 14, 2025

Purple teaming in an Active Directory (AD) context is the discipline of running controlled, authorized attack simulations (red) while observing, tuning, and validating detection + response (blue). Done well, it turns vague goals like “improve AD security” into measurable outcomes: which attacks did we detect, how fast, with what signal quality, and what changed because of it. This guide…

Arun Kumar

Tracking privilege escalation in Azure AD

Zero Trust architecture with Entra at the core

Recovering deleted users and groups in Entra

Secure score improvements using Entra ID insights

Setting up MFA policies in hybrid environments

Creating compliance alerts with Entra Identity Governance

How to detect Golden Ticket attacks

Detecting Kerberoasting with PowerShell and logs

Mapping legacy AD groups to Entra roles

Simulating AD attacks with Purple Team labs

Featured Posts

What is Azure Data Factory (ADF)?

How to demote a Domain Controller: A step-by-step guide

Healthcare data Breaches down almost 50 percent in the first month of 2021

Popular with Readers

Active Directory Users and Computers (ADUC) - An introduction and installation guide

Active Directory Sites

Active Directory Password Policy

Recently Added

Monitoring risky sign-ins with identity protection in entra id

Entra conditional access templates for hybrid identity

Hybrid join vs azure ad join

ManageEngine among notable vendors in Forrester’s report

5 ways to mitigate the rising threat of identity sprawl

6-step guide to Enhance Hybrid IT Security

SysAdmin Toolkit

Group Policy Guide

Arun Kumar

Featured Posts

Popular with Readers

Recently Added