Our latest news and insights
Entra ID Synced Passkeys and security considerations
Microsoft announced that Entra ID would be supporting Synced Passkeys for multiple credential providers. This means users can now create phishing resistant credentials and sync those credentials across devices. This new authentication method brings a lot of advantages compared to device-bound passkeys but also raises some security concerns. In this post we will go over how to use synced passkeys, and in which scenarios we recommend against it.
Cross-tenant Event Grid Privilege Escalation Vulnerability
While developing a new feature for The Collective's Azure Managed Service, the Azure Team stumbled upon an Azure Event Grid System Topic vulnerability allowing us to view Event Subscriptions data for all tenants that had an Event Subscription configured due to a flaw...
Inside Microsoft Global Secure Access: Architecture, Profiles, and Real-World Use Cases
Microsoft’s Global Secure Access (GSA) is more than just a new acronym in the Secure Service Edge market. It represents a shift in how network security is delivered by moving from a network-first to an identity-first approach. How It Works At its core, GSA combines:...
How Azure Global Secure Access enables true Zero Trust for Point-to-Site Connections
Traditional VPNs don’t suffice Point-to-Site VPN solutions have often formed the foundation of connectivity in a world where remote work is more and more prevalent. Mature environments will have their resources shielded from the public internet, making day-to-day...
How Compliance in Azure Strengthens Your Cloud Security Posture
This article outlines how leveraging Azure’s built-in compliance tools and frameworks can help organisations achieve both governance and enhanced protection across their entire cloud footprint.
Beyond the Buzzwords: What a SOC Really Does for Your Business
Nearly every business leader has heard of a SOC (Security Operations Center) but few appreciate its real impact on today’s enterprise. A SOC isn’t just about technical threat monitoring or churning out alerts; it’s about enabling your business to thrive securely. At...
The Real Value of a Modern SOC: Why Outsourcing Security Makes Sense
Welcome to the world of the Security Operations Center (SOC), the nerve center for detecting and responding to cyber threats. Yet, not every business has the resources or expertise to run their own in-house SOC. That’s where SOC as a Service or SOCAAS steps in.
Avoiding Common Mistakes: Lessons Learned from Password Management Failures
While password managers are powerful tools for securing corporate credentials, their effectiveness depends not just on adoption, but on correct implementation and ongoing management. As discussed by the experts on The Collective Podcast, even well-intentioned companies can fall into traps that put sensitive data – and business reputation – at risk.
Azure Cost Optimization: How Security and Savings Go Hand in Hand
Security and cost efficiency are often seen as opposing forces in cloud environments. However, as discussed on The Collective Podcast, a well-secured Azure setup can actually drive significant savings if you know where to look.
Inside a Real Attack: How Our SOC Stopped an AiTM Breach in Minutes
Have you ever wondered what really happens inside a Security Operations Center (SOC) during a cyberattack? Here’s a behind-the-scenes look at how our team at The Collective neutralized a sophisticated Adversary-in-the-Middle (AiTM) breach, demonstrating how a modern SOC as a Service operates under pressure … and wins.