Jaspreet Singh MFA Fatigue Attacks in Microsoft 365: Why Risk-Based Conditional Access Is Non-Negotiable (EID-EXP-008) MFA Fatigue Attacks in Microsoft 365: Why Risk-Based Conditional Access Is Non-Negotiable Multi-Factor Authentication (MFA) is widely deployed across Microsoft 365 tenants. However, MFA fatigue attack... 04-Mar-2026
Jaspreet Singh Block High-Risk Sign-ins in Microsoft Entra: Why “Detection” Isn’t Security (EID-EXP-007) NOTE : This analysis is based on real tenant observations and controlled experiments documented on f11.ca (Experiment ID: EID-EXP-007 ). Most Microsoft Entra tenants detect risky sign-ins. However, it... 23-Feb-2026
Jaspreet Singh Microsoft Entra Identity Protection: Configuring Alerts & Notifications for Risky Users and Risky Sign-ins (EID-EXP-006) NOTE : This analysis is based on real tenant observations and controlled experiments documented on f11.ca (Experiment ID: EID-EXP-006 ). Hands-on lab (f11) Microsoft Entra Identity Protection is widel... 16-Feb-2026
Jaspreet Singh Enforcing Risk Remediation in Microsoft Entra ID: Making Identity Protection Actually Stop Attacks (EID-EXP-005) Microsoft Entra Identity Protection is a valuable security feature in Microsoft 365, yet it is often misunderstood. Many organizations assume: “If Identity Protection detects a risky sign-in, it will ... 12-Feb-2026
Jaspreet Singh Identity Protection Alerts Often Overlooked: Why Detection Alone Does Not Prevent Compromise in Microsoft Entra ID Identity Protection Alerts Often Overlooked: Why Detection Alone Does Not Prevent Compromise in Microsoft Entra ID Many view Microsoft Entra ID Identity Protection as a security feature designed to bl... 07-Feb-2026
Jaspreet Singh Break-Glass Accounts in Microsoft Entra ID: Failure Modes, Detection, and Hardening Why This Deep Dive Matters Break-glass (emergency access) accounts are designed solely to guarantee administrative access when all other methods fail. In Microsoft Entra ID environments with Condition... 04-Feb-2026
Jaspreet Singh Microsoft Entra ID Sign-In Logs: A Technical Deep Dive Into Visibility Gaps Microsoft Entra ID Sign-In Logs: A Technical Deep Dive Into Visibility Gaps Many security teams assume Microsoft Entra ID sign-in logs provide a complete view of authentication activity. However, thes... 29-Jan-2026
Jaspreet Singh Default Microsoft Entra ID Security Is Often Overestimated Default Microsoft Entra ID Security Is Often Overestimated A Technical Analysis of Identity Gaps in New Tenants Introduction Many security teams believe that a newly created Microsoft Entra ID (former... 26-Jan-2026
Jaspreet Singh Why Device Trust Is Often Assumed, Not Verified Why Device Trust Is Often Assumed, Not Verified A Technical Deep Dive into Identity, Tokens, and Trust Decay Device trust in Microsoft identity ecosystems is not continuously validated. Device trust i... 23-Jan-2026
Jaspreet Singh Guest Users: The Overlooked Lateral Movement Path in Entra ID Guest Users: The Overlooked Lateral Movement Path in Entra ID Executive Summary Guest users are often considered low-risk, low-privilege identities. However, they represent one of the most under-monit... 22-Jan-2026
Jaspreet Singh Break-Glass Accounts That Fail During Real Incidents Break-Glass Accounts That Fail During Real Incidents And why most organizations only notice this problem when it’s already too late.When an incident hits, break-glass accounts are supposed to save you... 21-Jan-2026
Jaspreet Singh The Hidden Risks of “All Users” in Conditional Access The Hidden Risks of “All Users” in Conditional Access Conditional Access is one of the most powerful security controls in Microsoft Entra ID. (Strengthening Security with Conditional Access in Microso... 20-Jan-2026