With the rise of AI Agents in organizations, I see at many customers AI Identities rapidly being created in Entra ID. One of the first questions most admins almost immediately have is, how can we know who created the AI Agent Identities, and how can we know where the related Agent lives? In this blogpost I will talk you through the steps on how to answer these basic but important governance questions.

At Ignite 2025, Microsoft announced Entra ID would be supporting Synced Passkeys for multiple credential providers. This means users can now create phishing resistant credentials, and sync those credentials across devices. This new authentication method has a lot of advantages, but also raises a couple of questions. Let's go over them together.

When connecting Microsoft Sentinel to Defender XDR, there are a couple of changes happening in tables which you should be aware of. Even though they are documented in the Microsoft Learn, I it is not always clear what the exact impact is. Let's go over it together.

As a valued member of our community, we would like to inform you that we are migrating our HybridBrothers.com blogging website to a new framework. More specifically, we are moving away from our current Ghost framework to Hugo. While the Ghost blogging platform works great, we decided to move away from it due to the hosting complexity it introduces.

Microsoft announced on the 1st of July 2025 that the Microsoft Sentinel Azure Portal UI will be deprecated at the 1st of July 2026, and all requests will be redirected to the Security Portal instead. This means that all Microsoft Sentinel customers have 1 year time to transition to the Unified experience between Microsoft Sentinel and Defender XDR.

I recently followed a live session of Dirk-Jan Mollema and Ceri Coburn on how Windows Hello for Business can be abused as a non-privileged user. I was very intrigued by the concept of the attack they demonstrated, which is why a spend a couple of days thinking of ways how we can counter this attack with detective controls as blue teamers.

This blogpost is probably the first of a series that I will create in the coming months on Device Discovery. I regularly see organizations buy a specific tool to create an asset inventory list of what lives in their networks, while this is something we can actually do with Microsoft technology

If you are working with Microsoft security solutions, you might have heard of the new kid on the block called Microsoft Global Secure Access. Being a blue teamer myself, I asked myself how we can use this new Secure Service Edge solution - and specifically the Internet Access logs - to make our detections better.

Learn how to parse CEF message to Common Security Log without AMA agent

How can you effectively isolate a device in your network, and be sure a threat will not perform lateral movement?