Identity is easy to take for granted… until it fails. To see how failures happen and what they impact, I’ve been breaking the underlying network and system pieces that identity depends on in my lab environment. This week, the focus was DNS. I misconfigured system DNS to point at a non-responsive resolver, fully expecting the login pages for Microsoft and Google to fail immediately. To my surprise, they didn’t; the pages loaded normally. Turns out the browser was bypassing system DNS entirely using DNS-over-HTTPS (DoH). Once I disabled DoH and forced the browser to use system DNS, the pages failed to load. Main takeaway: in the network steps before authentication, clients may use more than one way to resolve names. Whether something fails depends on which one is actually in use. Full lab writeup below in the comments ⬇️
DNS Failures in Identity Systems: A Lab Experiment
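The post's point is that the browser's lookups were leaving the host over DoH while the system resolver was unreachable. As an added example (not code from the post or from the linked lab writeup), the Python below builds one DNS query and shows the two transports it can take: a UDP datagram to the configured resolver on port 53, or an RFC 8484 GET to a DoH endpoint carrying the same bytes. It then parses a reply with one parser that serves both paths. The resolver address, the DoH endpoint and the response bytes are constructed for the demo.

```python
# Added example (not the original post's or the linked writeup's code).
# One DNS query, two transports: the wire-format message is identical whether
# it goes to the system resolver over UDP/53 or to a DoH endpoint over HTTPS
# (RFC 8484), which is why a broken system resolver need not break a DoH client.
# The resolver address, DoH endpoint and response bytes below are constructed.
import base64
import struct

SYSTEM_RESOLVER = "192.0.2.1"                         # constructed: the unreachable lab resolver
DOH_ENDPOINT = "https://doh.resolver.test/dns-query"  # constructed: the browser's DoH provider


def build_query(name, qtype=1, txid=0):
    """Build a minimal DNS query: 12-byte header (RD=1) plus one IN question.
    RFC 8484 recommends txid 0 for the DoH GET form so the URL is cacheable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def doh_get_url(endpoint, query):
    """RFC 8484 GET form: base64url-encoded message, padding removed, in ?dns=."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return endpoint + "?dns=" + b64


def resolution_paths(name):
    """Describe both ways the same query can leave the host."""
    query = build_query(name)
    return {
        "system_dns": {"transport": "udp", "dst": (SYSTEM_RESOLVER, 53), "payload": query},
        "doh": {"transport": "https", "method": "GET",
                "url": doh_get_url(DOH_ENDPOINT, query),
                "accept": "application/dns-message"},
    }


def _read_name(msg, offset):
    """Decode a (possibly compressed) domain name; return (name, next_offset)."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:                       # compression pointer
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            tail, _ = _read_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), offset + 2
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_a_answers(msg):
    """Return the IPv4 addresses in the answer section of a response.
    The same parser handles a UDP reply and a DoH response body."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qd):                                 # skip the echoed question(s)
        _, offset = _read_name(msg, offset)
        offset += 4
    addrs = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:                   # A record
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def constructed_response(query, addr, ttl=300):
    """Constructed sample reply (not captured traffic): echoes the question and
    answers it with one A record via a compression pointer to the question name."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1 RD=1 RA=1
    rr = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
          + bytes(int(o) for o in addr.split(".")))
    return header + query[12:] + rr


if __name__ == "__main__":
    paths = resolution_paths("login.example.com")
    print("system DNS ->", paths["system_dns"]["dst"], paths["system_dns"]["payload"].hex())
    print("DoH        ->", paths["doh"]["url"])
    reply = constructed_response(paths["system_dns"]["payload"], "192.0.2.10")
    print("parsed answer:", parse_a_answers(reply))
```

The practical consequence for diagnosis is the one the post reached: a dead system resolver only affects the first path, and nothing on port 53 shows the second one, so when a login page loads despite broken system DNS, check the browser's secure DNS setting before blaming the network.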
More Relevant Posts
I always thought 2-factor push notifications for Microsoft happened after successfully entering a password. Apparently, a user can select to log in with solely a push notification. That is considered two factors because, if the user fortuitously selects the correct code from a dropdown (only a handful of options so it is a high probability), that is the second factor. That allows hackers to gain access to your Microsoft account much more easily than the previous password + code combination. I would rather enter the one-time code manually, but Microsoft doesn't allow you to turn off the pushes. That is frustrating because what they are forcing is less secure and allows for MFA bombing. Good thing that the phone settings (not Microsoft) allow you to suppress push notifications for applications. Someone has been using this attack against my account multiple times per day for a week in hopes that I accidentally click to grant access. Push notifications for authentication are convenient but too easy to abuse with this workflow.
Another delay around the SMTP AUTH deprecation in Exchange Online should be a clear signal: act now to reduce your attack surface instead of waiting for enforcement. SMTP AUTH remains one of those abused authentication paths in Microsoft 365 and is a common target for password spraying. Scan-to-mail devices and legacy applications may be affected, but postponing this change only preserves avoidable risk. Deprecating SMTP AUTH is fully aligned with Microsoft’s Secure Future Initiative and the broader push to eliminate legacy authentication vectors. Do not rely solely on Conditional Access Block for SMTP AUTH. Conditional Access can block access, but it does not prevent successful password guessing. The correct approach is to disable SMTP AUTH tenant-wide and re-enable it only for explicitly required service accounts. Reducing legacy authentication is one of the fastest ways to meaningfully shrink external attack surface. https://lnkd.in/dUPVRCyV https://lnkd.in/dSM_MqGu
Most of us use the internet every day, but we don’t see what’s happening behind the scenes. Computers don’t understand website names like we do. They understand numbers called IP addresses. So when you type something like google.com, your computer actually needs a number, not the name. But imagine trying to remember numbers for every website you visit 😩 That would be stressful. This is where DNS (Domain Name System) helps us. DNS works like the internet’s contact list. It changes website names into IP addresses that computers understand. Here’s what happens in seconds when you type a website: Your device asks a DNS resolver — “Do you know this address?” If not, the request moves to the Root Server. Then to the TLD server (like the one for .com). Finally, it reaches the Authoritative Server, which gives the correct IP address. That IP address is sent back to you, and your browser connects to the website. All this happens in milliseconds, and we don’t even notice. Without DNS, using the internet would be much harder for humans. Still learning. Still growing 🌱 #NetworkingBasics #DNS #IPaddress #CloudJourney #TechLearning #Techgirl
🔐 Are Passkeys Ready for Enterprises? Short answer: Yes. Passkeys aren’t experimental anymore. They’re enterprise-ready, standards-based, and already being adopted at scale. If you’re modernizing IAM in 2026, Passkeys + FIDO should be on your roadmap, if they aren’t already. #Passkeys are: ✔️ Phishing-resistant by design: No shared secrets or passwords to steal ✔️ Proven at massive global scale: Backed by Apple, Google, and Microsoft For IT and security teams, this means: ✔️ Fewer breaches caused by stolen credentials ✔️ Lower support costs from password resets ✔️ Faster, more reliable logins for users ✔️ Strong alignment with Zero Trust strategies To learn more about passkeys, visit our article for a full FAQ: https://lnkd.in/gpQVPR-P
I'm having these issues. Anyone else? I spent an hour on the phone yesterday with a Microsoft guy who purported to fix it. Was fixed for a day and the problems are back. Hey Microsoft, issue a press release explaining what happened, then fix KB5074109. Sheesh. "A recent Microsoft security update is causing widespread stability issues for Classic Outlook, particularly for users with POP email accounts and PST files. The Problem: KB5074109 The January 13, 2026, security update (KB5074109) has been identified as the primary cause for Outlook freezing, hanging, or failing to exit properly. Users report that Outlook may not restart after being closed because the process remains stuck in the background. In some cases, this instability can lead to corrupted PST data files."
👀 Unexpected “Office 365” external tenant in Entra – anyone else? We recently noticed an external tenant named “Office 365” appear under Entra → Cross‑Tenant Access / External Tenants (visible in the UI, with the tenant ID b4c546a4-7dac-46a6-a7dd-ed822a11efd3). Audit logs showed it being added under a Global Admin user context, despite no admin‑initiated action.
What we know so far:
- No app registration
- No service principal
- No identifiable object in Entra
- A Microsoft partner has validated the same log pattern in ~35 other tenants
- The tenant entry is later removed automatically by Microsoft
- It occurs sometimes in an administrator account context, and sometimes with that detail as null.
Conclusion so far: Not a normal breach and not user‑driven — this strongly points to a Microsoft backend operation, but the logging makes it look very suspicious during investigations. Microsoft Security Response Center — we’d appreciate guidance or clarification here. Is this a known internal process, and can logging attribution be improved to avoid false incident escalation? Otherwise… we might all need to become Google experts in a month or two if someone is behind your walls...😄 (Please confirm this as an internal operation.) Curious if others have seen this as well. #Microsoft #Security #Incident
Breaking News ... 🤣 Ahhh, in case you missed it (I did, I don't know how), Microsoft is aiming to phase out UAC and replace it with a more secure thingie called "Administrative Protection". They're doing this because UAC currently has over 81 bypasses and, for reasons unknown to me, Microsoft decided to scrap UAC in totality and redo the entire thing from the ground up. Why? I have literally no idea. 🤣 😂 Yeah right!! 🤣 😂 AP is now in preview mode for Windows Insider builds (testing stuff). Big brain security researchers from Google Project Zero poked it with a stick and discovered eight vulnerabilities that allowed them to bypass AP. Microsoft has since patched it. AP has yet to be deployed to Windows 11 as of this writing. AP on paper, when reading about it, seems like a good idea and seems like it ironically would be a massive security improvement for Windows. However, the new architecture would bamboozle some legacy applications. Making it work with older stuff will require lots of science from Microsoft. Additionally, and maybe I'm being a bit pessimistic, I am concerned Microsoft will vibe code slop their new security module and make it one massive cluster of a disaster. Please read the research performed by Tirando (can't find his social media profile) and the other nerds at Project Zero. It's interesting. They're all very talented security researchers and make me feel like an imbecile. https://lnkd.in/d6UBNzBJ
As we move through 2026, I wanted to flag two critical milestones that may impact your IT infrastructure:
- SQL Server 2016 - End of support in June 2026
- Windows Server 2016 - End of support in January 2027
If your organization is still running either of these platforms, now is the time to plan your upgrade path. Continuing beyond these dates means losing security updates, compliance support, and technical assistance. You know, all the boring stuff that keeps auditors happy and hackers disappointed. The good news? There may be funding available from Microsoft to help offset upgrade costs. Turns out they're quite generous when it comes to helping you buy more of their stuff. If you're unsure about your current infrastructure or want to explore your options, let's have a conversation. We're here to help you navigate these transitions without the usual existential dread that accompanies IT projects. Feel free to reach out - happy to discuss your specific situation. Justin.worthington@ultima.com
nOAuth isn’t just a SaaS problem—it’s a Microsoft 365 problem. 🧑💻 Semperis research shows that if a SaaS app vulnerable to nOAuth holds Microsoft Graph permissions like Mail.Send and Mail.ReadWrite, an attacker who compromises that app can send email and access data as the user inside your Microsoft 365 tenant—without ever logging into Microsoft 365 directly. 👉 Explore how that pivot works (and what it means for hybrid identity defenders) in “nOAuth Abuse Update: Potential Pivot into Microsoft 365.” https://lnkd.in/ez_KU-Sw #HybridIdentityProtection #nOAuth #IdentitySecurity
Every time you open a website, something powerful happens in the background and most of us never notice it. They understand numbers called IP addresses. So instead of “google.com”, a computer sees something like 142.250.xx.xx. Now imagine trying to remember numbers like that for every website you visit 😅 That’s where DNS (Domain Name System) comes in. DNS works like the internet’s contact list. It changes easy names we type into our browser into the IP addresses computers understand. So when you type google.com, this happens in seconds: First, your device asks a DNS resolver (usually from your internet provider): “Do you know this address?” If it doesn’t, the request goes to the Root Server, which points it in the right direction. Then it goes to the Top-Level Domain (TLD) Server — like the one handling .com. Finally, it reaches the Authoritative Server, which gives the exact IP address of the website. That number is sent back to you, and your browser connects to the site. All of this happens in milliseconds. Without DNS, we would all be memorizing long numbers just to browse the internet. DNS is one of the quiet systems that keeps the internet simple for humans and understandable for machines. #NetworkingBasics #DNS #CloudLearning #TechJourney #HowTheInternetWorks
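Both DNS explainer posts above walk through the same chain: resolver, root, TLD, then the authoritative server. As an added example, not code from either post, the Python below models that walk offline over three constructed servers, following each referral until an answer or an NXDOMAIN comes back, and adds the resolver cache that makes repeat lookups fast. It generalises the posts' single google.com story to any name, including one that does not exist. Every address, zone and record here is constructed for the demo.

```python
# Added example (not the original posts' code): a small offline model of the
# iterative lookup both posts describe, resolver -> root -> TLD -> authoritative.
# Every server address, zone and record here is constructed for the demo; a real
# resolver starts from the published root hints and caches answers by TTL.

ROOT_HINT = "198.51.100.1"  # constructed stand-in for a root server address

# Each simulated server: the zone it serves, the child zones it delegates
# (NS name plus glue address) and the A records it answers for directly.
SERVERS = {
    "198.51.100.1": {"zone": ".",
                     "delegations": {"com.": ("a.gtld.test.", "192.0.2.1")},
                     "records": {}},
    "192.0.2.1": {"zone": "com.",
                  "delegations": {"example.com.": ("ns1.example.com.", "192.0.2.53")},
                  "records": {}},
    "192.0.2.53": {"zone": "example.com.",
                   "delegations": {},
                   "records": {"example.com.": "192.0.2.80",
                               "www.example.com.": "192.0.2.80"}},
}


def canonical(name):
    """Lower-case the name and make it fully qualified (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def ask(server_ip, qname):
    """One query to one server. The server answers from its own records, refers
    the resolver to the child zone that owns the name, or reports NXDOMAIN."""
    server = SERVERS[server_ip]
    if qname in server["records"]:
        return "answer", server["records"][qname]
    for child, (_ns_name, glue_ip) in server["delegations"].items():
        if qname == child or qname.endswith("." + child):
            return "referral", glue_ip
    return "nxdomain", None


def resolve(name, cache=None, max_hops=8):
    """Iterative resolution as a recursive resolver performs it on the client's
    behalf. Returns (ip_or_None, trail); trail lists (server, outcome) per hop."""
    qname = canonical(name)
    if cache is not None and qname in cache:
        return cache[qname], [("cache", "answer")]
    trail = []
    server = ROOT_HINT
    for _ in range(max_hops):          # guard against delegation loops
        outcome, value = ask(server, qname)
        trail.append((server, outcome))
        if outcome == "answer":
            if cache is not None:
                cache[qname] = value
            return value, trail
        if outcome == "nxdomain":
            return None, trail
        server = value                 # follow the referral to the child zone
    trail.append((server, "gave-up"))
    return None, trail


if __name__ == "__main__":
    cache = {}
    for n in ("www.example.com", "nope.example.com", "www.example.com"):
        ip, trail = resolve(n, cache)
        print(f"{n} -> {ip}  via " + " > ".join(f"{s}:{o}" for s, o in trail))
```

The trail is the part worth reading: a cache hit never leaves the resolver, while a cold lookup visits three servers, which is why the whole chain still fits in milliseconds and why an unreachable resolver, as in the lab post at the top, stops every one of these steps before the first referral.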
Full lab writeup: https://github.com/sirchiles/iam-work/blob/master/networking/dns-failure/dns-failure.md