Compass Security Blog

Offensive Defense

Common Entra ID Security Assessment Findings – Part 2: Privileged Unprotected Groups

In part 2 of our 4-part series on common Entra ID security findings, we show how seemingly harmless group configurations can be abused to bypass security controls and gain high privileges.

The post shows scenarios where insufficiently protected groups are used to:

weaken Conditional Access protections for administrators

enable privilege escalation through PIM for Groups

grant privileged access to Azure resources, leading to full compromise

We also show how to detect these issues in practice using EntraFalcon and how to mitigate them.

Common Entra ID Security Assessment Findings – Part 1: Foreign Enterprise Applications With Privileged API Permissions

This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores selected findings in more detail to support a clearer understanding of the underlying risks and practical implications.

Introduction

In the vast majority of tenants we review, there are enterprise applications that originate from […]

From Enumeration to Findings: The Security Findings Report in EntraFalcon

We just released a big update for EntraFalcon. The new Security Findings Report adds an interactive HTML overview to EntraFalcon that consolidates tenant settings and object-based checks into structured security findings. Over 60 checks, graphical charts, filtering, export, and more options are now available.

Introducing EntraFalcon – A Tool to Enumerate Entra ID Objects and Assignments

TL;DR: PowerShell tool to enumerate Entra ID objects and assignments and to identify highly privileged objects or risky configurations.

https://github.com/CompassSecurity/EntraFalcon

Entra ID environments can contain thousands of objects – users, groups, service principals, and more – each with unique properties and complex relationships. While manual reviews through the Entra portal might be feasible in smaller environments, they […]

Luring the Threat: Lessons from ICS Honeypots in Ukraine and Germany

In today’s interconnected world, it is a well-known fact that systems with Internet exposure are under continual threat of cyber-attacks. This risk extends from private websites to corporate infrastructure. With the increasing modernization of Industrial Control Systems (ICS), these vital components also become more exposed to such threats. But what is the extent and nature […]
