Finding Every MFA Gap: Testing 250 Million Conditional Access Combinations in Under 20 Minutes
Emilien Socchi, Cloud Security Research Engineer at Storebrand, joins us to discuss CA Insight and AZTier. Two open-source tools Emilien built to find gaps in Conditional Access policies and categorize Azure/Entra roles based on attack paths. Learn how CA Insight evaluates 250 million sign-in combinations offline in minutes instead of days, why the What If API doesn't scale, and how AZTier helps defenders and pen testers understand privilege escalation risks across Entra ID, Azure, and Microsoft Graph. Together, these projects help security teams move from reactive log monitoring to a proactive defense strategy. About Emilien Socchi Emilien Socchi is a Cloud Security Research Engineer at Storebrand (Oslo, Norway) focusing on the proactive discovery of security issues. With an extensive background in application and cloud penetration testing, Emilien has published practical research and tooling used by defenders. He also maintains several open‑source projects, including Azure administrative tiering models and Entra ID role‑monitoring utilities. LinkedIn - / emilien-socchi 🔗 Related Links CA Insight- https://github.com/emiliensocchi/entr... Azure Administrative Tiering (AzTier) - https://aztier.com AzTier Source: https://github.com/emiliensocchi/azur... AzTier Deployer - https://github.com/emiliensocchi/azti... 📗 Chapters 00:00 The Story Behind CA Insights 16:52 Why the ‘What If’ API Doesn’t Scale 21:09 Building an Offline Evaluation Engine 45:22 Deep Dive into AZTier: A Red Team Perspective Podcast Apps 🎙️ Entra.Chat - https://entra.chat 🎧 Apple Podcast → https://entra.chat/apple 📺 YouTube → https://entra.chat/youtube 📺 Spotify → https://entra.chat/spotify 🎧 Overcast → https://entra.chat/overcast 🎧 Pocketcast → https://entra.chat/pocketcast 🎧 Others → https://entra.chat/rss Merill’s socials 📺 YouTube → / @merillx 👔 LinkedIn → linkedin.com/in/merill 🐤 Twitter → twitter.com/merill 🕺 TikTok → tiktok.com/@merillf 🦋 Bluesky → bsky.app/profile/merill.net 🐘 Mastodon → infosec.exchange/@merill 🧵 Threads → threads.net/@merillf 🤖 GitHub → github.com/merill
5 Entra ID Updates You Can’t Afford to Ignore in 2026 (Backup, Governance & Risk Score Exposed)
Turing Award Winner: Disagreeing with Google, Postgres, Future Problems | Mike Stonebraker
5 Passkey Rollout Lessons Every Identity Team Should Know
How to Design Bullet-Proof Conditional Access Policies in Microsoft Entra ID
The Skills That Take You From Helpdesk to Head of Security
Zero-Click Attacks: AI Agents and the Next Cybersecurity Challenge
Powerful Prayer for Healing, Protection & Blessings for Your Home & Family
AI Inaction - The Real Cost to Your Business and How to Recover | Zero Shot Ep. 18
Attacking AI - Jason Haddix - NDC Security 2026
Breaking Identity Barriers: 700 Apps & 30,000 Users in 90 Days | EntraChat with Ben Wolfe
THESE Apps Are SPYING on You — Shut Them Off NOW!
What an ID Governance Consultant Wishes You Knew About Entra
Andrej Karpathy: From Vibe Coding to Agentic Engineering w/ Stephanie Zhan
Entra ID Deep Dive: Identity Governance, ECMA Connectors & Modern Provisioning Explained
Exclusive Interview With Nvidia CEO Jensen Huang (Full Special)
Everyone's Had Enough of AI Data Centres
How to Secure Copilot Agents, Azure DevOps & Defender with Maester 2.1 (Full Breakdown)
„Merkel schwebt über allem“ – Patzelt Politik
Emerging Situation: Anthropic's Global Pause, Recursive Self-Improvement, and AI Personhood Arrives
