
Commit

Fixed formats
Cloud-Architekt committed Dec 3, 2023
1 parent 1a2fc63 commit 0454a3d
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions _posts/2023-12-03-entra-workload-id-threat-detection.md
@@ -40,7 +40,8 @@ As we can see in the following example from “Solorigate” attacks, service pr

![Untitled]({{ site.url }}{{ site.baseurl }}/assets/images/2023-12-03-entra-workload-id-threat-detection/workloadidsecmon0.png)

*In the past, “[Solorigate](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610)” was one of the known attack paths which used an existing privileged application to gain access to sensitive data.*
*In the past, “[Solorigate](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610)” was one of the known attack paths which used an existing privileged application to gain access to sensitive data.
Image Source: [Microsoft TechCommunity "Solarigate"'s Identity IoCs](https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610)*

### Example of (multi-stage) attack path and relation to MITRE TTPs

@@ -76,7 +77,7 @@ Below you will find a short comparison of the application and managed identity t
| Security Dependencies | Secure storing of credentials, Protection of App Reg/Service Principal object | Security of Federated Workload/IdP, Protection of App Reg/SP object | Security and restricted management of Azure Resource(s) and SP object |
| Restrict token acquisition | Conditional Access (Single Tenant only) | Conditional Access (Single Tenant only) | Not Available |
| Detection for Identity Attacks | Identity Protection, Sign-in logs | Identity Protection, Correlation between Entra ID and Trusted IdP AuthN/AuthZ logs | Limited Sign-in logs |
Response time to invalid issued token | 1h (Default), Few minutes when CAE is supported | 1h (Default), Few minutes when CAE is supported | 24h (https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identity-best-practice-recommendations#limitation-of-using-managed-identities-for-authorization), No support for CAE |
Response time to invalid issued token | 1h (Default), Few minutes when CAE is supported | 1h (Default), Few minutes when CAE is supported | [24h (by design)] (https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identity-best-practice-recommendations#limitation-of-using-managed-identities-for-authorization), No support for CAE |

_*Assigned permissions to other tenants via Microsoft Lighthouse delegation_
