This is a personal blog and all content herein is my own opinion and not that of my employer. OID-See v1.1.0 is out v1.0.1 tightened the scoring. v1.1.0 expands what OID-See can actually see. This is the biggest release since the initial drop: a new external identity posture surface, a fully …

OID-See v1.0.1 is out 🎉 This is a precision release. No shiny new dashboards. No dramatic architectural upheaval. Just tighter logic, fewer false positives, and a scoring model that better reflects how Entra actually behaves in the real world. If you’re already using OID-See, this release should …

OID-See is a security analysis tool for Microsoft Entra ID (Azure Active Directory) that maps OAuth application consent, permissions, service principal assignments, and trust signals into a queryable graph — giving defenders a BloodHound-style view of OAuth sprawl and impersonation risk. What it …

Hero image generated by ChatGPT This is a personal blog and all content herein is my own opinion and not that of my employer. Correction When I initially done this work and posted this blog, my mental model was that lack of ownership was a bad thing. My failing was in seeing ownership as metadata …

Hero image generated by ChatGPT This is a personal blog. All opinions are my own - not my employer’s. Earlier this year, I published OuttaTune – a deep dive into how Conditional Access (CA) depends on device-sourced metadata and the risks of trusting values that endpoints themselves can …

ISDF (Intune Stateful Device Fingerprinting) is an open-source project that closes a specific blindspot in Conditional Access: the fact that device-reported attributes can be locally manipulated. The problem it solves Conditional Access is only as strong as the signals it consumes. If a device can …