Jaspreet Singh Tuning Evilginx for Entra ID: A Technical Deep Dive into Lab EID-EXP-017 By Jaspreet Singh, Identity Security Researcher at f11.ca Traditional Multi-Factor Authentication (MFA) is increasingly ineffective. In Lab EID-EXP-017 , we advanced beyond basic phishing to demonstra... 25-Apr-2026 ITBlogs.ca
Jaspreet Singh How OAuth Consent Phishing Works in Microsoft Entra ID (No Password, No MFA Bypass) Introduction Most organizations use Multi-Factor Authentication (MFA), which requires users to provide multiple forms of identification, as a primary defense against account compromise. (Inc., 2023) H... 15-Apr-2026 ITBlogs.ca
Jaspreet Singh EID-EXP-015: MFA Is Not Enough: A Technical Deep Dive into Session Persistence in Microsoft Entra ID MFA Is Not Enough: A Technical Deep Dive into Session Persistence in Microsoft Entra ID Based on Lab: EID-EXP-015 (f11.ca) Multi-Factor Authentication (MFA) is widely adopted as a core identity securi... 08-Apr-2026 ITBlogs.ca
Jaspreet Singh EID-EXP-013: Impossible Travel Detection vs VPN Behavior — Deep Dive for Security Engineers EID-EXP-013: Impossible Travel Detection vs VPN Behavior — Deep Dive for Security Engineers Introduction Impossible travel detection is a widely used identity protection signal in modern cloud environ... 03-Apr-2026 ITBlogs.ca
Jaspreet Singh MFA Fatigue Attacks in Microsoft Entra ID: A Technical Deep Dive (EID-EXP-014) MFA Fatigue Attacks in Microsoft Entra ID: A Technical Deep Dive Introduction Multi-Factor Authentication (MFA) is a foundational control in modern identity security. However, its effectiveness depend... 01-Apr-2026 ITBlogs.ca
Jaspreet Singh Conditional Access and Named Locations in Microsoft Entra ID – A Technical Deep Dive Lab (EID-EXP-010) Introduction Microsoft Entra ID Conditional Access serves as the primary enforcement layer for identity security in modern cloud environments. A common configuration pattern across organisations inclu... 28-Mar-2026 ITBlogs.ca
Jaspreet Singh Hybrid Identity Security Baseline – Deep Dive into Azure AD Connect and Entra ID Authentication (EID-EXP-009) Hybrid Identity Security Baseline – Deep Dive into Azure AD Connect and Entra ID Authentication (EID-EXP-009) Hybrid identity is widely adopted in Microsoft 365 environments. Organizations maintain on... 18-Mar-2026 ITBlogs.ca
Jaspreet Singh MFA Fatigue Attacks in Microsoft 365: Why Risk-Based Conditional Access Is Non-Negotiable (EID-EXP-008) MFA Fatigue Attacks in Microsoft 365: Why Risk-Based Conditional Access Is Non-Negotiable Multi-Factor Authentication (MFA) is widely deployed across Microsoft 365 tenants. However, MFA fatigue attack... 04-Mar-2026 ITBlogs.ca
Jaspreet Singh Block High-Risk Sign-ins in Microsoft Entra: Why “Detection” Isn’t Security (EID-EXP-007) NOTE : This analysis is based on real tenant observations and controlled experiments documented on f11.ca (Experiment ID: EID-EXP-007 ). Most Microsoft Entra tenants detect risky sign-ins. However, it... 23-Feb-2026 ITBlogs.ca
Jaspreet Singh Microsoft Entra Identity Protection: Configuring Alerts & Notifications for Risky Users and Risky Sign-ins (EID-EXP-006) NOTE : This analysis is based on real tenant observations and controlled experiments documented on f11.ca (Experiment ID: EID-EXP-006 ). Hands-on lab (f11) Microsoft Entra Identity Protection is widel... 16-Feb-2026 ITBlogs.ca
Jaspreet Singh Enforcing Risk Remediation in Microsoft Entra ID: Making Identity Protection Actually Stop Attacks (EID-EXP-005) Microsoft Entra Identity Protection is a valuable security feature in Microsoft 365, yet it is often misunderstood. Many organizations assume: “If Identity Protection detects a risky sign-in, it will ... 12-Feb-2026 ITBlogs.ca
Jaspreet Singh Identity Protection Alerts Often Overlooked: Why Detection Alone Does Not Prevent Compromise in Microsoft Entra ID Identity Protection Alerts Often Overlooked: Why Detection Alone Does Not Prevent Compromise in Microsoft Entra ID Many view Microsoft Entra ID Identity Protection as a security feature designed to bl... 07-Feb-2026 ITBlogs.ca