welcome on ninjasta.it

Identity (Active Directory and Entra ID)

Deep dives into identity security across on-prem Active Directory and Microsoft Entra ID (Azure AD): authentication, privileges, permissions, hybrid identity, and real-world migration and hardening patterns.

The Ghosts of Exchange: Hidden Permissions Lurking in Active Directory

Jul 14, 2025

Identity (Active Directory and Entra ID)

acl, active-directory, exchange, hybrid-identity, permissions, privileged-access

Even after uninstalling Exchange, traces of its deep integration with Active Directory remain — powerful groups, lingering ACLs, legacy attributes, and automation leftovers. Whether Exchange is running or long gone, ignoring what it left behind could leave your domain exposed. Here’s what you need to know (and clean up) before someone else does
Lateral Movement in Azure AD: What Still Works in 2025

Jul 3, 2025

Identity (Active Directory and Entra ID)

azure-ad, conditional-access, entra-id, identity-security, lateral-movement, mitre-attack, token-theft

Despite improvements in Microsoft cloud security, lateral movement in hybrid Azure AD environments is still viable in 2025 — and often undetected.
Shadow Admins in Active Directory: The Privilege You Don’t See (Until It’s Too Late)

Jun 25, 2025

Identity (Active Directory and Entra ID)

acl, active-directory, gpo, mitre-attack, privileged-access, shadow-admins, tiering

Shadow Admins are the privilege paths you’re not watching. These accounts don’t belong to Domain Admins, but they can take over your environment anyway — thanks to ACL misconfigurations, GPO access, or SIDHistory abuse. If you’re only auditing group membership, you’re already exposed.
Tiering in Active Directory: Effective Strategy to Increase Security and Resiliency

Apr 7, 2025

Identity (Active Directory and Entra ID)

active-directory, identity-security, jea, jit, paw, privileged-access, tiering

Active Directory (AD) is the beating heart of identity and IT asset management in many organizations. Being a critical system, the AD frequently becomes the target of cyber attacks aimed at gaining elevated privileges or compromising entire corporate infrastructures. For this reason, tiering has become a critical approach to reducing risk and ensuring greater security…
Migrating Your Windows Device from Active Directory to ENTRA ID

Feb 24, 2025

Identity (Active Directory and Entra ID)

active-directory, device-migration, entra-id, hybrid-identity, Powershell, windows

In a world where mobility is crucial, maintaining an AD joined computer can change from an asset to a burden. Modern users are constantly on the move. They do not rely on applications that need a constant remote connection. These users often manage a device tethered to an on-premise infrastructure. Instead of simplifying their daily…
Steps to Migrate to New Authentication Techniques

Sep 30, 2024

Identity (Active Directory and Entra ID)

authentication-methods, conditional-access, entra-id, identity-security, mfa, migration, sspr

Prepare the migration Beginning September 30, 2025, authentication techniques can’t be managed in these legacy multi-factor authentication and self-service password reset policies. Before start the migration of the new authentication techniques you need to review the action configuration of: Review the legacy MFA policy Start by documenting which techniques are available in the legacy MFA…

Identity (Active Directory and Entra ID)

The Ghosts of Exchange: Hidden Permissions Lurking in Active Directory

Lateral Movement in Azure AD: What Still Works in 2025

Shadow Admins in Active Directory: The Privilege You Don’t See (Until It’s Too Late)

Tiering in Active Directory: Effective Strategy to Increase Security and Resiliency

Migrating Your Windows Device from Active Directory to ENTRA ID

Steps to Migrate to New Authentication Techniques