<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Adfs on microsegment.io</title>
    <link>https://microsegment.io/tags/adfs/</link>
    <description>Recent content in Adfs on microsegment.io</description>
    <generator>Hugo</generator>
    <language>en-us</language>
    <lastBuildDate>Tue, 14 Jul 2026 00:00:00 +0000</lastBuildDate>
    <atom:link href="https://microsegment.io/tags/adfs/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Your Identity Provider Needs a Containment Boundary</title>
      <link>https://microsegment.io/post/2026-07-14-identity-provider-containment-boundary/</link>
      <pubDate>Tue, 14 Jul 2026 00:00:00 +0000</pubDate>
      <guid>https://microsegment.io/post/2026-07-14-identity-provider-containment-boundary/</guid>
      <description>&lt;p&gt;Identity is often described as the new perimeter. That framing misses the harder architectural question: what protects the system that creates the identity assertion?&lt;/p&gt;&#xA;&lt;p&gt;&lt;a href=&#34;https://cloud.google.com/blog/topics/threat-intelligence/recovering-active-adfs-signing-keys-machine-dpapi&#34;&gt;New Mandiant research&lt;/a&gt; makes the problem concrete. During a red team engagement, Mandiant recovered an active Active Directory Federation Services token-signing key from the host&amp;rsquo;s machine-scoped cryptographic store. With that key, the team forged a SAML assertion for a Global Administrator identity that Microsoft Entra ID accepted.&lt;/p&gt;</description>
    </item>
  </channel>
</rss>
