Understanding "Solorigate"'s Identity IOCs - for Identity Vendors and
their customers.
By Alex Weinert
Published: 2020-12-21 · Archived: 2026-04-05 20:03:05 UTC
"}},"componentScriptGroups({\"componentId\":\"custom.widget.SocialSharing\"})":
{"__typename":"ComponentScriptGroups","scriptGroups":
{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":
{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":
{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":
[]},"component({\"componentId\":\"custom.widget.MicrosoftFooter\"})":
{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":
[\"message:2007610\"],\"name\":\"BlogMessagePage\",\"props\":
{},\"url\":\"https://techcommunity.microsoft.com/blog/microsoft-entra-blog/understanding-solorigates-identity-iocs---for-identity-vendors-and-their-custome/2007610\"}}})":{"__typename":"ComponentRenderResult","html":"
"}},"componentScriptGroups({\"componentId\":\"custom.widget.MicrosoftFooter\"})":
{"__typename":"ComponentScriptGroups","scriptGroups":
{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":
{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":
{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":
[]},"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageCoverImage\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageCoverImage-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/nodes/NodeTitle\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeTitle-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageTimeToRead\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/users/UserRank\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserRank-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageCustomFields\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageCustomFields-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageRevision\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRevision-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/common/QueryHandler\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/tags/TagList\"]})":[{"__ref":"CachedAsset:text:en_US-components/tags/TagList-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageReplyButton\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageReplyButton-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageAuthorBio\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageAuthorBio-https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 1 of 38

1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/ranks/UserRankLabel\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"components/users/UserRegistrationDate\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserRegistrationDate-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/nodes/NodeAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeAvatar-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/nodes/NodeDescription\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeDescription-1775111751358"}],"cachedText({\"lastModified\":\"1775111751358\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1775111751358"}]},"Theme:customTheme1":
{"__typename":"Theme","id":"customTheme1"},"User:user:-1":
{"__typename":"User","id":"user:-1","entityType":"USER","eventPath":"community:gxcuf89792/user:-1","uid":-1,"login":"Deleted","email":"","avatar":
{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ss
[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":
{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues"
["true","false"]},"dateDisplayFormat":
{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"MMM dd yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US","es-ES"]},"repliesSortOrder":
{"__typename":"InheritableStringSettingWithPossibleValues","key":"config.user_replies_sort_order","value":"DEFAULT","localValue":"DEFAULT","po
["DEFAULT","LIKES","PUBLISH_TIME","REVERSE_PUBLISH_TIME"]}},"deleted":false},"CachedAsset:pages-1775111737765":{"__typename":"CachedAsset","id":"pages-1775111737765","value":
[{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename"
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"WorkstreamsPage","type":"COMMUNITY","urlPath":"/workstreams","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageRes
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"UserBlogPermissions.Page","type":"COMMUNITY","urlPath":"/c/user-blog-permissions/page","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1730819800000,"localOverride":null,"page":
{"id":"AllEvents","type":"CUSTOM","urlPath":"/Events","__typename":"PageDescriptor"},"__typename":"PageResource"},
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 2 of 38

{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResou
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"CreateUserGroup.Page","type":"COMMUNITY","urlPath":"/c/create-user-group/page","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"Pag
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageR
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResourc
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"}
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescripto
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"Pag
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageR
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResou
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"}
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageR
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"Pa
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageRes
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageR
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__t
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 3 of 38

{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResou
{"lastUpdatedTime":1730819800000,"localOverride":null,"page":
{"id":"CommunityHub.Page","type":"CUSTOM","urlPath":"/Directory","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typen
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typena
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"Pa
{"lastUpdatedTime":1730819800000,"localOverride":null,"page":
{"id":"AllBlogs.Page","type":"CUSTOM","urlPath":"/blogs","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"Page
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageRes
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageD
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"P
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"P
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource
{"lastUpdatedTime":1775111737765,"localOverride":null,"page":
{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"Pa
components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find
community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot
find message with id {messageId}","userBanned":"We're sorry, but you have been banned from using this
site.","userBannedReason":"You have been banned for the following reason:
{reason}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":
{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 4 of 38

{"title":"Loading..."},"localOverride":false},"Rank:rank:25":
{"__typename":"Rank","id":"rank:25","position":3,"name":"Former
Employee","color":"333333","icon":null,"rankStyle":"TEXT"},"User:user:221690":
{"__typename":"User","id":"user:221690","uid":221690,"login":"Alex Weinert","deleted":false,"avatar":
{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-6.svg?time=0"},"rank":
{"__ref":"Rank:rank:25"},"email":"","messagesCount":70,"biography":null,"topicsCount":67,"kudosReceivedCount":639,"kudosGivenCount":6,"kudosW
{"__typename":"RegistrationData","status":null,"registrationTime":"2018-10-02T15:04:26.063-
07:00","confirmEmailStatus":null},"followersCount":null,"solutionsCount":0},"Category:category:microsoft-entra":
{"__typename":"Category","id":"category:microsoft-entra","entityType":"CATEGORY","displayId":"microsoft-entra","nodeType":"category","depth":4,"title":"Microsoft Entra","shortTitle":"Microsoft Entra","parent":
{"__ref":"Category:category:microsoft-security"}},"Category:category:top":
{"__typename":"Category","id":"category:top","entityType":"CATEGORY","displayId":"top","nodeType":"category","depth":0,"title":"Top","shortTitle"
{"__typename":"Category","id":"category:communities","entityType":"CATEGORY","displayId":"communities","nodeType":"category","depth":1,"paren
{"__ref":"Category:category:top"},"title":"Communities","shortTitle":"Communities"},"Category:category:products-services":{"__typename":"Category","id":"category:products-services","entityType":"CATEGORY","displayId":"products-services","nodeType":"category","depth":2,"parent":
{"__ref":"Category:category:communities"},"title":"Products","shortTitle":"Products"},"Category:category:microsoft-security":{"__typename":"Category","id":"category:microsoft-security","entityType":"CATEGORY","displayId":"microsoft-security","nodeType":"category","depth":3,"parent":
{"__ref":"Category:category:products-services"},"title":"Microsoft Security","shortTitle":"Microsoft
Security","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:microsoft-entra-blog":
{"__typename":"Blog","id":"board:microsoft-entra-blog","entityType":"BLOG","displayId":"microsoft-entra-blog","nodeType":"board","depth":5,"conversationStyle":"BLOG","repliesProperties":
{"__typename":"RepliesProperties","sortOrder":"REVERSE_PUBLISH_TIME","repliesFormat":"threaded"},"tagProperties":
{"__typename":"TagNodeProperties","tagsEnabled":
{"__typename":"PolicyResult","failureReason":null}},"requireTags":true,"tagType":"PRESET_ONLY","description":"Stay
informed on how to secure access for any identity to any resource, anywhere, with comprehensive identity and network
access solutions powered by AI. \n\n
Visit the homepage
","title":"Microsoft Entra Blog","shortTitle":"Microsoft Entra Blog","parent":{"__ref":"Category:category:microsoft-entra"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":
{"__ref":"Community:community:gxcuf89792"}},{"__typename":"CoreNodeEdge","node":
{"__ref":"Category:category:communities"}},{"__typename":"CoreNodeEdge","node":
{"__ref":"Category:category:products-services"}},{"__typename":"CoreNodeEdge","node":
{"__ref":"Category:category:microsoft-security"}},{"__typename":"CoreNodeEdge","node":
{"__ref":"Category:category:microsoft-entra"}}]},"userContext":
{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"theme":
{"__ref":"Theme:customTheme1"},"boardPolicies":{"__typename":"BoardPolicies","canViewSpamDashBoard":
{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.access_spam_quarantine.allowed.accessDenied","key"
[]}},"canArchiveMessage":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.content_archivals.enable_content_archival_settings.accessDenied","key":"error.lithium
[]}},"canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lit
[]}}},"linkProperties":
{"__typename":"LinkProperties","isExternalLinkWarningEnabled":false}},"BlogTopicMessage:message:2007610":
{"__typename":"BlogTopicMessage","uid":2007610,"subject":"Understanding \"Solorigate\"'s Identity IOCs - for Identity
Vendors and their customers.","id":"message:2007610","entityType":"BLOG_ARTICLE","eventPath":"category:microsoft-entra/category:microsoft-security/category:products-services/category:communities/community:gxcuf89792board:microsoft-entra-blog/message:2007610","revisionNum":16,"repliesCount":2,"author":
{"__ref":"User:user:221690"},"depth":0,"hasGivenKudo":false,"board":{"__ref":"Blog:board:microsoft-entra-blog"},"conversation":{"__ref":"Conversation:conversation:2007610"},"messagePolicies":
{"__typename":"MessagePolicies","canPublishArticleOnEdit":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_edit_workflow_action.accessDenied","key":"error.lithi
[]}},"canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.li
[]}},"canReply":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.forums.action.message.reply_to_entity.allow.accessDenied","key":"error.lithium.polici
[]}},"canAcceptSolution":{"__typename":"PolicyResult","failureReason":
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 5 of 38

{"__typename":"FailureReason","message":"error.lithium.policies.accepted_solutions.action_allow.message.mark_as_accepted_solution.accessDenied","k
[]}},"canRejectSolution":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.accepted_solutions.action_allow.message.unmark_as_accepted_solution.accessDenied"
[]}},"canTag":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.labelableentity.set_labels.allow.accessDenied","key":"error.lithium.policie
[]}},"canEdit":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.forums.action_allow.edit_message.accessDenied","key":"error.lithium.policies.forums.
[]}},"canKudo":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.kudos.action.entity.give_kudos.allow.accessDenied","key":"error.lithium.policies.kudo
[]}}},"contentWorkflow":
{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"userContext":
{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnTo
{"__ref":"ModerationData:moderation_data:2007610"},"teaser":"
In this document, we are sharing what we know about the Solorigate (https://aka.ms/solorigate) attacks from an Identity
specific lens, so Identity vendors, IAAS, PAAS, and SAAS vendors and organizations who use these products can detect,
remediate, and most importantly, prevent these and similar attacks.
\n","body":"
Microsoft recently disclosed a set of complex techniques used by an advanced actor to execute attacks against several key
customers. While we detected anomalies by analyzing requests from customer environments to the Microsoft 365 cloud, the
attacks generalize to any Identity Provider or Service provider. For this reason, we want to detail what we know about these
attacks from an Identity specific lens, so Identity vendors, IAAS, PAAS, and SAAS vendors (and organizations who use
these products) can  detect them, remediate them, and most importantly, prevent them. This document is broadly intended to
support the security teams who are focused on protection, hunting, and remediation in Identity vendors in the interest of
protecting our mutual customers. It generally assumes an advanced understanding of identity infrastructure and related
components.
\n\n
As part of our ongoing security processes, we leverage threat intelligence and monitor for new indicators that could signal
attacker activity. There are two anomalies pertinent to this report, and discussed at https://aka.ms/solorigate:
\n\n
\n
1. Anomalies in SAML tokens being presented for access. In some impacted tenants, we detected anomalous SAML
tokens - signed with customer certificates - being presented for access to the Microsoft Cloud. The anomalies indicate
that the customer SAML token signing certificates may have been compromised, and that an attacker could be
forging SAML tokens to access any resources that trust those certificates. Because compromise of a SAML token
signing certificate typically requires administrative access, there is a high probability the presence of forged tokens
implies customer on premises infrastructure may be compromised. Because the signing certificate is the root of trust
for the federated trust relationship, it is unlikely Service Providers would detect the forgeries.
\n
2. Anomalies in Microsoft 365 API access patterns in a tenant. We have detected such anomalies in some impacted
tenants which originate from an existing applications and service principals. This pattern indicates that an attacker
with administrative credentials – possibly related to the SAML issues above - has added their own credentials to
existing applications and service principals. The Microsoft 365 application program interfaces (APIs) can be used to
access email, documents, chats, and configuration settings, such as email forwarding. Because highly privileged
Azure AD administrative accounts are required to add credentials to service principals, these changes imply that one
or more such privileged accounts have been compromised and may have made other significant changes within the
impacted tenant.
\n
\n\n
Built-in security and monitoring capabilities provided by the Microsoft Cloud detected these anomalies, but such anomalies
could present at any Identity Provider or Resource Provider, regardless of vendor.  Any resource which trusts a customer’s
compromised SAML token signing certificate should be considered at risk. The SAML attack is not specific to any
particular identity system or identity vendor you use. It impacts any vendor’s on-premises or cloud identity system, and any
resources that depend on industry-standard SAML identity federation. Likewise, while the specific mechanism for
impersonating applications may vary from vendor to vendor, the pattern is vendor independent. We are not aware of any
Microsoft software or cloud service vulnerability that has led to the exposure of customer SAML token signing certificates,
the change in API usage, addition of credentials to service principals, or exposure of administrative credentials on premises
or in the cloud. The traffic detected did not impact our production cloud environment
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 6 of 38

\n\n
Elements of the activity we have detected and discuss in this blog suggest it was orchestrated by a sophisticated attacker. We
believe over time this activity may be determined to be state-sponsored, but we do not have sufficient evidence to support
that conclusion at this time.
\n\n
It is important to emphasize – these attacks were criminal in nature, and so sophisticated that even top security companies
fell victim to them. The fault lies with the criminal actor, not the victims. Further, these attacks leveraged broadly used
patterns that impact many levels of the IT industry – focusing on any one technology type or vendor limits our ability to see
systemic problems. By studying them and learning from these broad issues together, we can improve security throughout the
industry.
\n\n
We are sharing this information to help vendors who provide Identity Providers and Service Provider software and services,
as well as their customers, hunt for activity and better defend against similar attacks. We will update this information as our
investigations evolve.
\n\n\n
Identity experts may skip this section, but it may help level set terminology and understanding of key components of the
attack.
\n\n
The following describes a typical environment. However, several caveats are worth mentioning:
\n\n
\n
1. Most customers run on premises identity infrastructure. Microsoft offers popular versions of all such infrastructure,
but several other vendors offer similar infrastructure.
\n
2. Not all components of this infrastructure are present in all environments.
\n
3. The sophisticated actor adapted their attack to specific environments.
\n
\n
For these reasons, it is important that you consider how elements of the attack pattern can impact your organization, even if
your organization varies from the typical elements described below.
\n\n
Components pertinent to this attack typically include:
\n
\n
A SAML Identity Provider (IDP), which brokers authentication requests from applications to that directory.
Applications and other identity providers – called Service Providers, or SPs – refer clients to federation servers to
acquire access tokens which are signed by the SAML token signing certificate.
\n
SAML Service Providers (SP), also called Relying Parties, which are applications told to trust the tokens coming
from a federation server, and which accept claims made in SAML tokens because they are signed by the trusted
federation server’s SAML token signing certificate.
\n
Cloud Identity Providers (Cloud IDPs), which would typically act as a Service Provider to the SAML Identity
Provider but acts as an identity provider to applications which have been told to use it. (This is called Identity
Provider chaining – where one Identity provider delegates authentication to another if so configured). Azure AD is an
example of a Cloud IDP.
\n
Cloud Service Providers (Cloud SPs), which rely on the tokens issued by a cloud IDP to validate requests.
\n
Applications and Service Principals in Azure AD are two types of code that authenticate to Azure AD using
certificates, keys, or passwords and to other applications or APIs using OAuth 2.0 access tokens granted Azure AD in
order to talk to other applications, including Microsoft 365 Graph APIs.
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 7 of 38

\n
\n\n
Typical Components
\n\n
If this is new to you, you can think of tokens as a ticket to a show, the SP as the ticket taker, and the IDP as the box office,
and the signature as the little holograph on the ticket. If someone wants to go to the show, they go to the IDP, get a token,
then present it to the SP who validates the holograph then lets them into the show.
\n\n
In terms of a typical email interaction with Microsoft 365 with federated auth, think in terms of a user going to their on
premises federation server to get a signed token, then presenting that token to Microsoft 365 (via Azure AD as a chained
IDP) to get access after the signature is validated. If an application is trying to access that data, it will be pre-configured to
know the IDP location, so it will always come to Azure AD first to get the token, but otherwise the OAUTH flows are
similar.
\n\n
For SAML federation relationships where Azure AD has been configured to trust a tenant-configured SAML token signing
certificate from a customer-configured federation server, the federation server is the Identity Provider (IDP)and Azure AD is
the Service Provider (SP).
\n\n
Applications and Service Principals in Azure AD don’t use SAML or delegate trust to on premises federation servers;
credentials must be managed directly in Azure AD. 
\n\n\n\n\n
OK, let’s lay all of this out in terms of the typical attack patterns, and how you might go about looking for them. The actions
were targeted in nature and varied from target to target. Not all indicators of compromise or methodologies are present in all
cases.
\n\n
A rough overview of an indicative attack is as follows (see also https://aka.ms/solorigate). Each attack varied in details, but
this pattern emerged repeatedly:
\n\n
\n
The attacker compromises network management vendor software which is typically deployed with high privileges in
on premises networks.
\n
The attacker uses the on premises administrative access to extract SAML Token Signing certificate.
\n
The attacker uses the stolen SAML Token Signing certificate to forge SAML tokens representing privileged cloud
users.
\n
The attacker uses the forged token to sign in impersonating the privileged user and add credentials to an existing
application or service principal.
\n
The attacker uses the added credentials to impersonate the existing application or service principal, and call
Microsoft 365 APIs to extract mail.
\n
\n\n
Attacker Patterns
\n\n
The details of each phase of the attack are described below.
\n\n\n\n
The first significant pattern we have seen is evidence of forged SAML tokens. It is worth noting that we don’t retain logs for
very long. We do this in accordance with our data retention and privacy policies. It varies by agreement, but is generally is
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 8 of 38

30 days, and we never log complete tokens, so we can’t see every aspect of a SAML token. Customers who want longer
retention are encouraged to configure storage in Azure Monitor or other systems. What token anomalies we did detect were
tokens which were anomalous in lifetime, usage location, or claims (particularly MFA claims). The anomalies were
sufficient to convince us that the tokens were forged. We did not find this pattern in all cases.
\n\n\n
\n
Tokens with expiration instant exactly 3600 seconds or 144000 seconds (no milliseconds value) – note 144000 (40
hours) is exceptionally long
\n
Tokens which were received at the same time as the issuance time– no latency between creation and usage
\n
Tokens which were received BEFORE the issuance time – falsified issuance time after token received
\n
Tokens used from outside normal user locations
\n
Tokens which contained claims which were not previously seen from the tenant’s federation server
\n
Tokens indicating MFA used when token claimed auth from within corporate boundary where MFA not required
\n
\n\n
\n
SAML token signing certificate was exfiltrated from the customer environment and used to forge tokens by the actor.
\n
Administrative access to SAML Token Signing Certificate storage compromised, either via service administrative
access or by direct device storage or memory inspection.
\n
Deep penetration of the customer environment, with administrative access to identity infrastructure or the hardware
environment on which it executes.
\n
\n\n
\n
SAML Tokens received by the SP with configurations which deviate from the IDP’s configured behavior.
\n
SAML Tokens received by the SP without corresponding issuing logs at the IDP.
\n
SAML Tokens received by the SP with MFA claims but without corresponding MFA activity logs at the IDP.
\n
SAML Tokens which are received from IP addresses, agents, times, or for services which are anomalous for the
requesting identity represented in the token. 
\n
Evidence of unauthorized administrative activity.
\n
\n\n
\n
Determine mechanism of certificate exfiltration and remediate (see below)
\n
Roll all SAML token signing certificates
\n
Consider reducing your reliance on prem SAML trust where possible
\n
Consider using an HSM to manage your SAML Token Signing Certificates
\n
\n\n\n
In some cases, the SAML token forgeries described above correspond to configuration changes in the Service Provider. By
impersonating a user with valid administrative credentials, the actor can change the configuration of the SAML Service
Provider (in our case, Azure AD). In this case, the actor tells Azure AD to trust their certificate by, in effect, saying to the SP
“There’s another SAML IDP you should trust, validate it with this public key.”
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 9 of 38

\n\n
\n
Addition of federation trust relationships at the SP done which later resulted in SAML authentications of users with
administrative privileges. The attacker took care to follow naming conventions of or impersonate existing federation
server names (e.g. FED_SERVER01 exists, and they add FED_SERVERO1). The impersonated users later took
actions consistent with attacker patterns described below.
\n
Token forgeries consistent with pattern 1, above.
\n
These calls came from different IP addresses for each call and user, but generally tracked back to anonymizing VPN
servers.
\n
\n\n
\n
Administrative access to the Azure AD was gained.
\n
Attacker may have been unable to gain a toe-hold on premises, or was experimenting with other persistence
mechanisms.
\n
Attacker may have been unable to exfiltrate tokens, possibly due to use of HSM.
\n
\n\n
\n
Anomalous administrative session associated with modification of federation trust relationships.
\n
\n\n
\n
Review all federation trust relationships, ensure all are valid.
\n
Determine mechanism of administrative account impersonation (see below).
\n
Roll administrative account credentials.
\n
\n\n\n
Once the attacker was able to impersonate a privileged Azure AD admin account, they added credentials to existing
applications or service principals, usually with the permissions they wanted already associated and high traffic patterns (e.g.
mail archival applications). There are some cases in which we see the attacker add permissions to existing applications or
service principals. We also see cases in which a new application or service principal was set up for a short while and used to
add the permissions to the existing applications or service principals, possibly to add a layer of indirection (e.g. using it to
add a credential to another service principal, then deleting it).
\n\n
\n
Addition of federation trust relationships at the SP done which later resulted in SAML authentications of users with
administrative privileges. The impersonated users later took actions consistent with attacker patterns described below.
\n
Service Principals added into well known administrative roles such as Tenant Admin or Cloud Application Admin.
\n
Reconnaissance to identify existing applications with application roles that have permissions to call Microsoft Graph.
\n
The applications or service principals impersonated were different from customer to customer – the actor did not
have a “go to” target.
\n
The applications or service principals included both customer developer and vendor developed software.
\n
No Microsoft 365 applications or service principals were used impersonated (customer credentials cannot be added to
these applications and service principals).
\n
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 10 of 38

Token forgeries consistent with pattern 1, above.
\n
\n\n
\n
Administrative access to the Azure AD was gained.
\n
Attacker did extensive recon to find unique applications which could be used to obfuscate their activity.
\n
\n\n
\n
Anomalous administrative session associated with modification of federation trust relationships.
\n
Unexpected service principals added to privileged roles in cloud environments.
\n
\n\n
\n
Review all applications and service principals for credential modification activity.
\n
Review all applications and service principals for excess permissions.
\n
Remove all inactive service principals from your environment.
\n
Regularly roll creds for all applications and service principals.
\n
\n\n\n
With credentials added to an existing application or service principal, the actor proceeded to acquire an OAUTH access
token for the application using the forged credentials, and call APIs with the permissions which had been assigned to that
applications. Most of the API calls we detected were focused on email and document extraction, but in some cases API calls
added users, or added permissions to other applications or service principals. Calls were generally very targeted,
synchronizing then monitoring email for specific users.
\n\n
\n
Application calls attempting to authenticated to Microsoft Graph resource with applicationID: \"00000003-0000-
0000-c000-000000000000\"
\n
Impersonated calls to the Microsoft Graph Mail.Read and Mail.ReadWrite endpoints.
\n
Impersonating calls came from anomalous endpoints. These endpoints were not repeated from customer to customer.
The endpoints were usually Virtual Private Server (VPS) vendors.
\n
\n\n
\n
Attacker was primarily interested in persistence and reconnaissance.
\n
Attacker was attempting to obfuscate their activity.
\n
\n\n
\n
Anomalous requests to your resources from trusted applications or service principals.
\n
Requests from service principals that added or modified groups, users, applications, service principals, or trust
relationships.
\n
\n\n
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 11 of 38

\n
Review all federation trust relationships, ensure all are valid.
\n
Determine mechanism of administrative account impersonation (see below).
\n
Roll administrative account credentials.
\n
\n\n\n\n
This section relates other observations of attacker behavior.
\n\n\n
Our optics into on premises behavior are limited, but here are the indicators we have as to how on premises access was
gained. We recommend using on premises tools like Microsoft Defender for Identity (formerly Azure ATP) to detect other
anomalies:
\n
\n
Compromised network management software used as command and control to place malicious binaries which
exfiltrated SAML token signing certificate.
\n
Compromised vendor credentials with existing administrative access (vendor network compromised).
\n
Compromised service account credentials associated with compromised vendor software.
\n
Use of non-MFA service account.
\n
\n\n
For administrative access to the Microsoft 365 cloud, we observed:
\n
\n
Forged SAML tokens impersonating accounts with cloud administrative privileges.
\n
Accounts without MFA required – these are easily compromised (see https://aka.ms/yourpassworddoesntmatter)
\n
Access from trusted vendor accounts where the attacker had compromised the vendor environment.
\n
\n\n\n\n
This graph summarizes the vectors and combinations tracked in this document.
\n\n\n\n\n\n\n
The following guidance may assist customers in protecting their environments.
\n\n
\n
We published an Azure AD Workbook to help you hunt for the behaviors described in this document.
\n
To protect Microsoft 365 resources from a compromise of on-premises environments: https://aka.ms/protectm365
\n
If your organization has been compromised, review recovery guidance from DART at
https://aka.ms/dartrecoveryguide 
\n
To configure for Zero Trust to increase explicit request verification, least privileged access, and assumed breach
protection: https://aka.ms/ztguide
\n
\n\n\n\n
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 12 of 38

The Solarwinds attack is an ongoing investigation, and our teams continue to act as first responders to these attacks. As new
information becomes available, we will make updates through our Microsoft Security Response Center (MSRC) blog
at https://aka.ms/solorigate.
\n\n\n\n","body@stringLength":"26521","rawBody":"
Microsoft recently disclosed a set of complex techniques used by an advanced actor to execute attacks against several key
customers. While we detected anomalies by analyzing requests from customer environments to the Microsoft 365 cloud, the
attacks generalize to any Identity Provider or Service provider. For this reason, we want to detail what we know about these
attacks from an Identity specific lens, so Identity vendors, IAAS, PAAS, and SAAS vendors (and organizations who use
these products) can  detect them, remediate them, and most importantly, prevent them. This document is broadly intended to
support the security teams who are focused on protection, hunting, and remediation in Identity vendors in the interest of
protecting our mutual customers. It generally assumes an advanced understanding of identity infrastructure and related
components.
\n\n
As part of our ongoing security processes, we leverage threat intelligence and monitor for new indicators that could signal
attacker activity. There are two anomalies pertinent to this report, and discussed at https://aka.ms/solorigate:
\n\n
\n
1. Anomalies in SAML tokens being presented for access. In some impacted tenants, we detected anomalous SAML
tokens - signed with customer certificates - being presented for access to the Microsoft Cloud. The anomalies indicate
that the customer SAML token signing certificates may have been compromised, and that an attacker could be
forging SAML tokens to access any resources that trust those certificates. Because compromise of a SAML token
signing certificate typically requires administrative access, there is a high probability the presence of forged tokens
implies customer on premises infrastructure may be compromised. Because the signing certificate is the root of trust
for the federated trust relationship, it is unlikely Service Providers would detect the forgeries.
\n
2. Anomalies in Microsoft 365 API access patterns in a tenant. We have detected such anomalies in some impacted
tenants which originate from an existing applications and service principals. This pattern indicates that an attacker
with administrative credentials – possibly related to the SAML issues above - has added their own credentials to
existing applications and service principals. The Microsoft 365 application program interfaces (APIs) can be used to
access email, documents, chats, and configuration settings, such as email forwarding. Because highly privileged
Azure AD administrative accounts are required to add credentials to service principals, these changes imply that one
or more such privileged accounts have been compromised and may have made other significant changes within the
impacted tenant.
\n
\n\n
Built-in security and monitoring capabilities provided by the Microsoft Cloud detected these anomalies, but such anomalies
could present at any Identity Provider or Resource Provider, regardless of vendor.  Any resource which trusts a customer’s
compromised SAML token signing certificate should be considered at risk. The SAML attack is not specific to any
particular identity system or identity vendor you use. It impacts any vendor’s on-premises or cloud identity system, and any
resources that depend on industry-standard SAML identity federation. Likewise, while the specific mechanism for
impersonating applications may vary from vendor to vendor, the pattern is vendor independent. We are not aware of any
Microsoft software or cloud service vulnerability that has led to the exposure of customer SAML token signing certificates,
the change in API usage, addition of credentials to service principals, or exposure of administrative credentials on premises
or in the cloud. The traffic detected did not impact our production cloud environment
\n\n
Elements of the activity we have detected and discuss in this blog suggest it was orchestrated by a sophisticated attacker. We
believe over time this activity may be determined to be state-sponsored, but we do not have sufficient evidence to support
that conclusion at this time.
\n\n
It is important to emphasize – these attacks were criminal in nature, and so sophisticated that even top security companies
fell victim to them. The fault lies with the criminal actor, not the victims. Further, these attacks leveraged broadly used
patterns that impact many levels of the IT industry – focusing on any one technology type or vendor limits our ability to see
systemic problems. By studying them and learning from these broad issues together, we can improve security throughout the
industry.
\n\n
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 13 of 38

We are sharing this information to help vendors who provide Identity Providers and Service Provider software and services,
as well as their customers, hunt for activity and better defend against similar attacks. We will update this information as our
investigations evolve.
\n\n
First things first – understanding typical environments
\n
Identity experts may skip this section, but it may help level set terminology and understanding of key components of the
attack.
\n\n
The following describes a typical environment. However, several caveats are worth mentioning:
\n\n
\n
1. Most customers run on premises identity infrastructure. Microsoft offers popular versions of all such infrastructure,
but several other vendors offer similar infrastructure.
\n
2. Not all components of this infrastructure are present in all environments.
\n
3. The sophisticated actor adapted their attack to specific environments.
\n
\n
For these reasons, it is important that you consider how elements of the attack pattern can impact your organization, even if
your organization varies from the typical elements described below.
\n\n
Components pertinent to this attack typically include:
\n
\n
A SAML Identity Provider (IDP), which brokers authentication requests from applications to that directory.
Applications and other identity providers – called Service Providers, or SPs – refer clients to federation servers to
acquire access tokens which are signed by the SAML token signing certificate.
\n
SAML Service Providers (SP), also called Relying Parties, which are applications told to trust the tokens coming
from a federation server, and which accept claims made in SAML tokens because they are signed by the trusted
federation server’s SAML token signing certificate.
\n
Cloud Identity Providers (Cloud IDPs), which would typically act as a Service Provider to the SAML Identity
Provider but acts as an identity provider to applications which have been told to use it. (This is called Identity
Provider chaining – where one Identity provider delegates authentication to another if so configured). Azure AD is an
example of a Cloud IDP.
\n
Cloud Service Providers (Cloud SPs), which rely on the tokens issued by a cloud IDP to validate requests.
\n
Applications and Service Principals in Azure AD are two types of code that authenticate to Azure AD using
certificates, keys, or passwords and to other applications or APIs using OAuth 2.0 access tokens granted Azure AD in
order to talk to other applications, including Microsoft 365 Graph APIs.
\n
\n\n
Typical Components
\n\n
If this is new to you, you can think of tokens as a ticket to a show, the SP as the ticket taker, and the IDP as the box office,
and the signature as the little holograph on the ticket. If someone wants to go to the show, they go to the IDP, get a token,
then present it to the SP who validates the holograph then lets them into the show.
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 14 of 38

\n\n
In terms of a typical email interaction with Microsoft 365 with federated auth, think in terms of a user going to their on
premises federation server to get a signed token, then presenting that token to Microsoft 365 (via Azure AD as a chained
IDP) to get access after the signature is validated. If an application is trying to access that data, it will be pre-configured to
know the IDP location, so it will always come to Azure AD first to get the token, but otherwise the OAUTH flows are
similar.
\n\n
For SAML federation relationships where Azure AD has been configured to trust a tenant-configured SAML token signing
certificate from a customer-configured federation server, the federation server is the Identity Provider (IDP)and Azure AD is
the Service Provider (SP).
\n\n
Applications and Service Principals in Azure AD don’t use SAML or delegate trust to on premises federation servers;
credentials must be managed directly in Azure AD. 
\n\n\n
Attacker Patterns
\n\n
OK, let’s lay all of this out in terms of the typical attack patterns, and how you might go about looking for them. The actions
were targeted in nature and varied from target to target. Not all indicators of compromise or methodologies are present in all
cases.
\n\n
A rough overview of an indicative attack is as follows (see also https://aka.ms/solorigate). Each attack varied in details, but
this pattern emerged repeatedly:
\n\n
\n
The attacker compromises network management vendor software which is typically deployed with high privileges in
on premises networks.
\n
The attacker uses the on premises administrative access to extract SAML Token Signing certificate.
\n
The attacker uses the stolen SAML Token Signing certificate to forge SAML tokens representing privileged cloud
users.
\n
The attacker uses the forged token to sign in impersonating the privileged user and add credentials to an existing
application or service principal.
\n
The attacker uses the added credentials to impersonate the existing application or service principal, and call
Microsoft 365 APIs to extract mail.
\n
\n\n
Attacker Patterns
\n\n
The details of each phase of the attack are described below.
\n\n\n
Pattern 1: Forged SAML tokens using Stolen SAML Token Signing Material
\n
The first significant pattern we have seen is evidence of forged SAML tokens. It is worth noting that we don’t retain logs for
very long. We do this in accordance with our data retention and privacy policies. It varies by agreement, but is generally is
30 days, and we never log complete tokens, so we can’t see every aspect of a SAML token. Customers who want longer
retention are encouraged to configure storage in Azure Monitor or other systems. What token anomalies we did detect were
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 15 of 38

tokens which were anomalous in lifetime, usage location, or claims (particularly MFA claims). The anomalies were
sufficient to convince us that the tokens were forged. We did not find this pattern in all cases.
\n\n
What we found
\n
\n
Tokens with expiration instant exactly 3600 seconds or 144000 seconds (no milliseconds value) – note 144000 (40
hours) is exceptionally long
\n
Tokens which were received at the same time as the issuance time– no latency between creation and usage
\n
Tokens which were received BEFORE the issuance time – falsified issuance time after token received
\n
Tokens used from outside normal user locations
\n
Tokens which contained claims which were not previously seen from the tenant’s federation server
\n
Tokens indicating MFA used when token claimed auth from within corporate boundary where MFA not required
\n
\n
What it implies
\n
\n
SAML token signing certificate was exfiltrated from the customer environment and used to forge tokens by the actor.
\n
Administrative access to SAML Token Signing Certificate storage compromised, either via service administrative
access or by direct device storage or memory inspection.
\n
Deep penetration of the customer environment, with administrative access to identity infrastructure or the hardware
environment on which it executes.
\n
\n
What to look for
\n
\n
SAML Tokens received by the SP with configurations which deviate from the IDP’s configured behavior.
\n
SAML Tokens received by the SP without corresponding issuing logs at the IDP.
\n
SAML Tokens received by the SP with MFA claims but without corresponding MFA activity logs at the IDP.
\n
SAML Tokens which are received from IP addresses, agents, times, or for services which are anomalous for the
requesting identity represented in the token. 
\n
Evidence of unauthorized administrative activity.
\n
\n
What to do
\n
\n
Determine mechanism of certificate exfiltration and remediate (see below)
\n
Roll all SAML token signing certificates
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 16 of 38

\n
Consider reducing your reliance on prem SAML trust where possible
\n
Consider using an HSM to manage your SAML Token Signing Certificates
\n
\n\n
Pattern 2: Illegitimate registrations of SAML Trust Relationships
\n
In some cases, the SAML token forgeries described above correspond to configuration changes in the Service Provider. By
impersonating a user with valid administrative credentials, the actor can change the configuration of the SAML Service
Provider (in our case, Azure AD). In this case, the actor tells Azure AD to trust their certificate by, in effect, saying to the SP
“There’s another SAML IDP you should trust, validate it with this public key.”
\n
What we found
\n
\n
Addition of federation trust relationships at the SP done which later resulted in SAML authentications of users with
administrative privileges. The attacker took care to follow naming conventions of or impersonate existing federation
server names (e.g. FED_SERVER01 exists, and they add FED_SERVERO1). The impersonated users later took
actions consistent with attacker patterns described below.
\n
Token forgeries consistent with pattern 1, above.
\n
These calls came from different IP addresses for each call and user, but generally tracked back to anonymizing VPN
servers.
\n
\n
What it implies
\n
\n
Administrative access to the Azure AD was gained.
\n
Attacker may have been unable to gain a toe-hold on premises, or was experimenting with other persistence
mechanisms.
\n
Attacker may have been unable to exfiltrate tokens, possibly due to use of HSM.
\n
\n
What to look for
\n
\n
Anomalous administrative session associated with modification of federation trust relationships.
\n
\n
What to do
\n
\n
Review all federation trust relationships, ensure all are valid.
\n
Determine mechanism of administrative account impersonation (see below).
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 17 of 38

\n
Roll administrative account credentials.
\n
\n\n
Pattern 3: Adding credentials to existing applications
\n
Once the attacker was able to impersonate a privileged Azure AD admin account, they added credentials to existing
applications or service principals, usually with the permissions they wanted already associated and high traffic patterns (e.g.
mail archival applications). There are some cases in which we see the attacker add permissions to existing applications or
service principals. We also see cases in which a new application or service principal was set up for a short while and used to
add the permissions to the existing applications or service principals, possibly to add a layer of indirection (e.g. using it to
add a credential to another service principal, then deleting it).
\n
What we found
\n
\n
Addition of federation trust relationships at the SP done which later resulted in SAML authentications of users with
administrative privileges. The impersonated users later took actions consistent with attacker patterns described below.
\n
Service Principals added into well known administrative roles such as Tenant Admin or Cloud Application Admin.
\n
Reconnaissance to identify existing applications with application roles that have permissions to call Microsoft Graph.
\n
The applications or service principals impersonated were different from customer to customer – the actor did not
have a “go to” target.
\n
The applications or service principals included both customer developer and vendor developed software.
\n
No Microsoft 365 applications or service principals were used impersonated (customer credentials cannot be added to
these applications and service principals).
\n
Token forgeries consistent with pattern 1, above.
\n
\n
What it implies
\n
\n
Administrative access to the Azure AD was gained.
\n
Attacker did extensive recon to find unique applications which could be used to obfuscate their activity.
\n
\n
What to look for
\n
\n
Anomalous administrative session associated with modification of federation trust relationships.
\n
Unexpected service principals added to privileged roles in cloud environments.
\n
\n
What to do
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 18 of 38

\n
\n
Review all applications and service principals for credential modification activity.
\n
Review all applications and service principals for excess permissions.
\n
Remove all inactive service principals from your environment.
\n
Regularly roll creds for all applications and service principals.
\n
\n\n
Pattern 4: Queries impersonating existing applications
\n
With credentials added to an existing application or service principal, the actor proceeded to acquire an OAUTH access
token for the application using the forged credentials, and call APIs with the permissions which had been assigned to that
applications. Most of the API calls we detected were focused on email and document extraction, but in some cases API calls
added users, or added permissions to other applications or service principals. Calls were generally very targeted,
synchronizing then monitoring email for specific users.
\n
What we found
\n
\n
Application calls attempting to authenticated to Microsoft Graph resource with applicationID: \"00000003-0000-
0000-c000-000000000000\"
\n
Impersonated calls to the Microsoft Graph Mail.Read and Mail.ReadWrite endpoints.
\n
Impersonating calls came from anomalous endpoints. These endpoints were not repeated from customer to customer.
The endpoints were usually Virtual Private Server (VPS) vendors.
\n
\n
What it implies
\n
\n
Attacker was primarily interested in persistence and reconnaissance.
\n
Attacker was attempting to obfuscate their activity.
\n
\n
What to look for
\n
\n
Anomalous requests to your resources from trusted applications or service principals.
\n
Requests from service principals that added or modified groups, users, applications, service principals, or trust
relationships.
\n
\n
What to do
\n
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 19 of 38

\n
Review all federation trust relationships, ensure all are valid.
\n
Determine mechanism of administrative account impersonation (see below).
\n
Roll administrative account credentials.
\n
\n\n
Other Observations
\n\n
This section relates other observations of attacker behavior.
\n\n
Attacker access to on premises resources
\n
Our optics into on premises behavior are limited, but here are the indicators we have as to how on premises access was
gained. We recommend using on premises tools like Microsoft Defender for Identity (formerly Azure ATP) to detect other
anomalies:
\n
\n
Compromised network management software used as command and control to place malicious binaries which
exfiltrated SAML token signing certificate.
\n
Compromised vendor credentials with existing administrative access (vendor network compromised).
\n
Compromised service account credentials associated with compromised vendor software.
\n
Use of non-MFA service account.
\n
\n
Attacker access to cloud resources
\n
For administrative access to the Microsoft 365 cloud, we observed:
\n
\n
Forged SAML tokens impersonating accounts with cloud administrative privileges.
\n
Accounts without MFA required – these are easily compromised (see https://aka.ms/yourpassworddoesntmatter)
\n
Access from trusted vendor accounts where the attacker had compromised the vendor environment.
\n
\n\n
Identity Attack Graph
\n\n
This graph summarizes the vectors and combinations tracked in this document.
\n\n\n\n\n
Other Guidance
\n\n
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 20 of 38

The following guidance may assist customers in protecting their environments.
\n\n
\n
We published an Azure AD Workbook to help you hunt for the behaviors described in this document.
\n
To protect Microsoft 365 resources from a compromise of on-premises environments: https://aka.ms/protectm365
\n
If your organization has been compromised, review recovery guidance from DART at
https://aka.ms/dartrecoveryguide 
\n
To configure for Zero Trust to increase explicit request verification, least privileged access, and assumed breach
protection: https://aka.ms/ztguide
\n
\n\n
Stay up to date
\n\n
The Solarwinds attack is an ongoing investigation, and our teams continue to act as first responders to these attacks. As new
information becomes available, we will make updates through our Microsoft Security Response Center (MSRC) blog
at https://aka.ms/solorigate.
\n\n\n\n","kudosSumWeight":13,"postTime":"2020-12-21T11:46:36.217-08:00","images":
{"__typename":"AssociatedImageConnection","edges":
[{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDE","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE1N2k5N0I1MTNDODkxMkExQ0FE?
revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDI","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE1NGlCODZCMEJDRkVFMTNFOTA3?
revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDM","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE1NmlERUU4OEJGQkI2RkMzMDlE?
revision=16\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDQ","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE0M2k4QTMzMzZEMzZEQkMyREM2?
revision=16\"}"}}],"totalCount":4,"pageInfo":
{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"attachments":
{"__typename":"AttachmentConnection","pageInfo":
{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":
[]},"tags":{"__typename":"TagConnection","pageInfo":
{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":
[]},"timeToRead":12,"rawTeaser":"
In this document, we are sharing what we know about the Solorigate (https://aka.ms/solorigate) attacks from an Identity
specific lens, so Identity vendors, IAAS, PAAS, and SAAS vendors and organizations who use these products can detect,
remediate, and most importantly, prevent these and similar attacks.
\n","introduction":"","coverImage":null,"coverImageProperties":
{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""},"currentRevision":
{"__ref":"Revision:revision:2007610_16"},"latestVersion":
{"__typename":"FriendlyVersion","major":"16","minor":"0"},"metrics":
{"__typename":"MessageMetrics","views":89939},"read":false,"visibilityScope":"PUBLIC","canonicalUrl":"https://aka.ms/solorigateIdentityiocs","seoT
AzureAd IOCs","seoDescription":"Solarwinds solorigate IOCS
Identity","placeholder":false,"originalMessageForPlaceholder":null,"contributors":
{"__typename":"UserConnection","edges":[]},"nonCoAuthorContributors":{"__typename":"UserConnection","edges":
[]},"coAuthors":{"__typename":"UserConnection","edges":[]},"blogMessagePolicies":
{"__typename":"BlogMessagePolicies","canDoAuthoringActionsOnBlog":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.blog.action_can_do_authoring_action.accessDenied","key":"error.lithium.policies.blog
[]}}},"archivalData":null,"customFields":[],"revisions({\"constraints\":{\"isPublished\":{\"eq\":true}}})":
{"__typename":"RevisionConnection","totalCount":16}},"Conversation:conversation:2007610":
{"__typename":"Conversation","id":"conversation:2007610","solved":false,"topic":
{"__ref":"BlogTopicMessage:message:2007610"},"lastPostingActivityTime":"2021-08-19T16:22:14.414-
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 21 of 38

07:00","lastPostTime":"2021-02-01T03:41:12.692-
08:00","unreadReplyCount":2,"isSubscribed":false},"ModerationData:moderation_data:2007610":
{"__typename":"ModerationData","id":"moderation_data:2007610","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":nu
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE1N2k5N0I1MTNDODkxMkExQ0FE?
revision=16\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE1N2k5N0I1MTNDO
revision=16","title":"Attack
overview.png","associationType":"TEASER","width":832,"height":481,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE1NGlCODZCMEJDRkVFMTNFOTA3?
revision=16\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE1NGlCODZCMEJDR
revision=16","title":"Components.png","associationType":"BODY","width":672,"height":277,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE1NmlERUU4OEJGQkI2RkMzMDlE?
revision=16\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE1NmlERUU4OEJGQ
revision=16","title":"Attack
overview.png","associationType":"BODY","width":832,"height":481,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE0M2k4QTMzMzZEMzZEQkMyREM2?
revision=16\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0yMDA3NjEwLTI0MjE0M2k4QTMzMzZEM
revision=16","title":"Graph.png","associationType":"BODY","width":832,"height":400,"altText":null},"Revision:revision:2007610_16":
{"__typename":"Revision","id":"revision:2007610_16","lastEditTime":"2021-08-19T16:22:14.414-
07:00"},"CachedAsset:theme:customTheme1-1775110359467":{"__typename":"CachedAsset","id":"theme:customTheme1-
1775110359467","value":{"id":"customTheme1","animation":
{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51,
1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":
["default"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"favicon-1730836283320.png","imageLastModified":"1730836286415","__typename":"ThemeAsset"},"customerLogo":
{"imageAssetName":"favicon-1730836271365.png","imageLastModified":"1730836274203","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1300px","oneColumnN
{"borderRadiusSm":"3px","borderRadius":"3px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(-
-lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"16px","paddingXHero":"60px","fontStyle":"NORMAL","fontWeight":"700","textTransform":"NONE","disabled
-lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid
transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) *
0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) *
0.9))","secondaryBgColor":"var(--lia-bs-gray-200)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","secondaryBorder":"1px solid
transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid
transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l),
0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-
s), calc(var(--lia-bs-gray-900-l) *
0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid
transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),
0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid
transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) *
0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) *
0.9))","destructiveBgColor":"var(--lia-bs-gray-200)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","destructiveBorder":"1px solid
transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid
transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 22 of 38

primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l),
0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),
0.08)","mainContent":"NONE","sideContent":"LIGHT","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderT
{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px
hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.16)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.12)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--
lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s),
var(--lia-bs-gray-900-l), 0.3)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":
{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":
{"defaultMessageLinkColor":"var(--lia-bs-link-color)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageF
-lia-bs-font-family-base)","forumColor":"#4099E2","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--
lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#148563","blogColor":"#1CBAA0","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#4C6B90","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--
lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#FF8000","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#bc341b","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#333333","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesT
{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCC
-lia-bs-primary)","custom":["#D3F5A4","#243A5E"],"__typename":"ColorsThemeSettings"},"divider":
{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--
lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":
{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":
{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":
{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#fffff
solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":
{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":
{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 23 of 38

{"color":"var(--lia-bs-body-color)","fontFamily":"Segoe
UI","fontStyle":"NORMAL","fontWeight":"400","h1FontSize":"34px","h2FontSize":"32px","h3FontSize":"28px","h4FontSize":"24px","h5FontSize":"20
-lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":
{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","s
{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":
{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(-
-lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l),
0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l),
0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),
0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l),
0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) -
10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":
{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":
{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":"","imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typ
solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(-
-lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxS
-lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h),
var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%,
50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collap
-lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":
{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":
{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem
1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),
0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"
0%, 100%,
0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":
{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","custo
53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%,
0.4)","diffRemovedColor":"hsla(9, 74%, 47%,
0.4)","specialMessageHeaderMarginTop":"40px","specialMessageHeaderMarginBottom":"20px","specialMessageItemMarginTop":"0","specialMessageIt
-lia-bs-gray-700)","tableBorderStyle":"solid","tableCellPaddingX":"5px","tableCellPaddingY":"5px","tableTextColor":"var(--lia-bs-body-color)","tableVerticalAlign":"middle","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 24 of 38

200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":
{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":
{"fontFamilyBase":"Segoe
UI","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold
[{"source":"SERVER","name":"Segoe UI","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"},
{"style":"NORMAL","weight":"300","__typename":"FontStyleData"},
{"style":"NORMAL","weight":"600","__typename":"FontStyleData"},
{"style":"NORMAL","weight":"700","__typename":"FontStyleData"},
{"style":"ITALIC","weight":"400","__typename":"FontStyleData"}],"assetNames":["SegoeUI-normal-400.woff2","SegoeUI-normal-300.woff2","SegoeUI-normal-600.woff2","SegoeUI-normal-700.woff2","SegoeUI-italic-400.woff2"],"__typename":"CustomFont"},{"source":"SERVER","name":"MWF Fluent Icons","styles":
[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"}],"assetNames":["MWFFluentIcons-normal-400.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":
{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename"
{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":
{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLighte
shared/client/components/common/Loading/LoadingDot-1775111751358":
{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1775111751358","value":
{"title":"Loading..."},"localOverride":false},"CachedAsset:quilt:o365.prod:pages/blogs/BlogMessagePage:board:microsoft-entra-blog-1775111749253":
{"__typename":"CachedAsset","id":"quilt:o365.prod:pages/blogs/BlogMessagePage:board:microsoft-entra-blog-1775111749253","value":{"id":"BlogMessagePage","container":{"id":"Common","headerProps":
{"backgroundImageProps":null,"backgroundColor":null,"addComponents":null,"removeComponents":
["community.widget.bannerWidget"],"componentOrder":null,"__typename":"QuiltContainerSectionProps"},"headerComponentProps":
{"community.widget.breadcrumbWidget":
{"disableLastCrumbForDesktop":false}},"footerProps":null,"footerComponentProps":null,"items":[{"id":"blog-article","layout":"ONE_COLUMN","bgColor":null,"showTitle":null,"showDescription":null,"textPosition":null,"textColor":null,"sectionEditLevel":"LOC
{"main":[{"id":"blogs.widget.blogArticleWidget","className":"lia-blog-container","props":null,"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"}},{"id":"section-1729184836777","layout":"MAIN_SIDE","bgColor":"transparent","showTitle":false,"showDescription":false,"textPosition":"CENTER","textColor":"var
-lia-bs-body-color)","sectionEditLevel":null,"bgImage":null,"disableSpacing":null,"edgeToEdgeDisplay":null,"fullHeight":null,"showBorder":null,"__typename":"Ma
{"main":[],"side":[{"id":"custom.widget.UnregisteredCTAWidget","className":null,"props":
{"widgetVisibility":"anonymousOnly","useTitle":true,"useBackground":false,"title":"","lazyLoad":false,"widgetChooser":"custom.widget.UnregisteredCT
components/common/EmailVerification-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1775111751358","value":{"email.verification.title":"Email Verification
Required","email.verification.message.update.email":"To participate in the community, you must first verify your email
address. The verification email was sent to {email}. To change your email, visit My
Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email
address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/blogs/BlogMessagePage-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-pages/blogs/BlogMessagePage-1775111751358","value":{"title":"{contextMessageSubject} |
{communityTitle}","errorMissing":"This blog post cannot be found","name":"Blog Message Page","section.blog-article.title":"Blog Post","archivedMessageTitle":"This Content Has Been Archived","section.section-1729184836777.title":"","section.section-1729184836777.description":"","section.CncIde.title":"Blog
Post","section.tifEmD.description":"","section.tifEmD.title":""},"localOverride":false},"CachedAsset:quiltWrapper:o365.prod:Common:1775111735129"
{"__typename":"CachedAsset","id":"quiltWrapper:o365.prod:Common:1775111735129","value":
{"id":"Common","header":{"backgroundImageProps":
{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"
[{"id":"community.widget.navbarWidget","props":
{"showUserName":true,"showRegisterLink":true,"useIconLanguagePicker":true,"useLabelLanguagePicker":true,"style":
{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"400","controllerHighlightColor":"hsla(30, 100%,
50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"14px","linkBoxShadowHover":"none","backgroundO
-lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"30px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom
solid var(--lia-bs-border-color)","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"flex-start","linkColor":"var(--lia-bs-body-color)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 25 of 38

white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(-
-lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-body-color)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid var(--lia-bs-primary)","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","controllerTextHoverColor":
-lia-nav-controller-icon-hover-color)","paddingTop":"15px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--
lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"var(--lia-bs-body-color)","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"var(--lia-bs-body-color)"},"links":{"sideLinks":[],"logoLinks":[],"mainLinks":[{"children":
[],"linkType":"INTERNAL","id":"gxcuf89792","params":{},"routeName":"CommunityPage"},{"children":
[],"linkType":"EXTERNAL","id":"community-hub-link","url":"/Directory","target":"SELF"},{"children":
[{"linkType":"INTERNAL","id":"Common-microsoft365-link","params":
{"categoryId":"microsoft365"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-windows-link","params":{"categoryId":"Windows"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-microsoft-security-link","params":{"categoryId":"microsoft-security"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-microsoft-teams-link","params":
{"categoryId":"MicrosoftTeams"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-azure-link","params":{"categoryId":"Azure"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-content_management-link","params":{"categoryId":"Content_Management"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-microsoftintune-link","params":
{"categoryId":"microsoftintune"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-exchange-link","params":{"categoryId":"Exchange"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-windows-server-link","params":{"categoryId":"Windows-Server"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-outlook-link","params":
{"categoryId":"Outlook"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-microsoft365-copilot-link","params":{"categoryId":"Microsoft365Copilot"},"routeName":"CategoryPage"},
{"linkType":"EXTERNAL","id":"Common_Enntvz-view-all-products-link","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"products-link","url":"/","target":"SELF"},
{"children":[{"linkType":"INTERNAL","id":"Common-education-sector-link","params":
{"categoryId":"EducationSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-partner-community-link","params":{"categoryId":"PartnerCommunity"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-healthcare-and-life-sciences-link","params":
{"categoryId":"HealthcareAndLifeSciences"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-i-t-ops-talk-link","params":{"categoryId":"ITOpsTalk"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-public-sector-link","params":
{"categoryId":"PublicSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-microsoftfor-nonprofits-link","params":{"categoryId":"MicrosoftforNonprofits"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-io-t-link","params":{"categoryId":"IoT"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-mvp-link","params":{"categoryId":"mvp"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-microsoft-mechanics-link","params":
{"categoryId":"MicrosoftMechanics"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-driving-adoption-link","params":{"categoryId":"DrivingAdoption"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-microsoft-learn-for-educators-link","params":{"categoryId":"microsoft-learn-for-educators"},"routeName":"CategoryPage"}],"linkType":"EXTERNAL","id":"topics-link","url":"/","target":"SELF"},
{"children":[],"linkType":"EXTERNAL","id":"all-blogs-link","url":"/Blogs","target":"SELF"},{"children":
[],"linkType":"EXTERNAL","id":"all-events-link","url":"/Events","target":"SELF"},{"children":
[{"linkType":"INTERNAL","id":"Skills-Hub-link","params":{"categoryId":"skills-hub"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Skills-Hub-Blog","params":{"boardId":"skills-hub-blog","categoryId":"skills-hub"},"routeName":"BlogBoardPage"},{"linkType":"EXTERNAL","id":"ms-learn-ext-LD","url":"/category/skills-hub?
tab=grouphub","target":"BLANK"},{"linkType":"EXTERNAL","id":"ms-learn-ext-dynamics","url":"https://docs.microsoft.com/learn/dynamics365/?WT.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"ms-learn-ext-m365","url":"https://docs.microsoft.com/learn/m365/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},
{"linkType":"EXTERNAL","id":"ms-learn-ext-security","url":"https://docs.microsoft.com/learn/topics/sci/?
wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"ms-learn-ext-pp","url":"https://docs.microsoft.com/learn/powerplatform/?wt.mc_id=techcom_header-webpage-powerplatform","target":"BLANK"},{"linkType":"EXTERNAL","id":"ms-learn-ext-github","url":"https://docs.microsoft.com/learn/github/?wt.mc_id=techcom_header-webpage-github","target":"BLANK"},
{"linkType":"EXTERNAL","id":"ms-learn-ext-teams","url":"https://docs.microsoft.com/learn/teams/?
wt.mc_id=techcom_header-webpage-teams","target":"BLANK"},{"linkType":"EXTERNAL","id":"ms-learn-ext-net","url":"https://docs.microsoft.com/learn/dotnet/?wt.mc_id=techcom_header-webpage-dotnet","target":"BLANK"},
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 26 of 38

{"linkType":"EXTERNAL","id":"ms-learn-ext-azure","url":"https://docs.microsoft.com/learn/azure/?
WT.mc_id=techcom_header-webpage-m365","target":"BLANK"}],"linkType":"INTERNAL","id":"Skills-Hub","params":
{"categoryId":"skills-hub"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"Common-community-info-center-link","params":{"categoryId":"Community-Info-Center"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-usergroups-link","params":
{"categoryId":"usergroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-community-news-desk-link","params":{"categoryId":"CommunityNewsDesk"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-microsoft-global-community-initiative-link","params":{"categoryId":"microsoft-global-community-initiative"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"Common-gxcuf89792-
community","params":
{},"routeName":"CommunityPage"}]},"showSearchIcon":true,"languagePickerStyle":"iconAndLabel"},"__typename":"QuiltComponent"},
{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"transparent","linkHighlightColor":"var(--lia-bs-primary)","visualEffects":{"showBottomBorder":true},"linkTextColor":"var(--lia-bs-gray-700)"},"__typename":"QuiltComponent"},{"id":"custom.widget.CommunityBanner","props":
{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"usePageWidth":false,"useBackground":false,"title":"","lazyLoad":false},"__typename":"Qu
{"id":"custom.widget.ChatbotWidget","props":
{"customComponentId":"custom.widget.ChatbotWidget","cDisplay_form":true,"useBackground":false},"__typename":"QuiltComponent"},
{"id":"custom.widget.HeroBanner","props":
{"widgetVisibility":"signedInOrAnonymous","usePageWidth":false,"useTitle":true,"cMax_items":3,"useBackground":false,"title":"","lazyLoad":false,"w
{"backgroundImageProps":
{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"
[{"id":"custom.widget.SocialSharing","props":
{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},
{"id":"custom.widget.MicrosoftFooter","props":
{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__ty
components/common/ActionFeedback-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1775111751358","value":
{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed
to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could
not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not
Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been
deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a
member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked
due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes
Saved","editedGroupHub.message":"Your group has been
updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not
receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been
deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to
use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be
redirected to the homepage","resetTokenExpired.title":"Reset Password Link has
Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid
URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try
again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is
closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has
been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you
are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access
Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't
exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new
activity and reminded as the event approaches","eventInterested.title":"Responded as
Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event
approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does
not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing
Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is
archived","redirectToRelatedPage.message":"The content you are trying to access is
archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived
Content"},"localOverride":false},"CachedAsset:component:custom.widget.CommunityBanner-en-us-1775110952328":
{"__typename":"CachedAsset","id":"component:custom.widget.CommunityBanner-en-us-1775110952328","value":
{"component":{"id":"custom.widget.CommunityBanner","template":
{"id":"CommunityBanner","markupLanguage":"REACT","style":null,"texts":null,"defaults":{"config":{"applicablePages":
[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.CommunityBanner","form":null,"config":null,"props":
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 27 of 38

[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":
en-us-1775110952328":{"__typename":"CachedAsset","id":"component:custom.widget.ChatbotWidget-en-us-1775110952328","value":{"component":{"id":"custom.widget.ChatbotWidget","template":
{"id":"ChatbotWidget","markupLanguage":"REACT","style":null,"texts":{"chatbot.references.title":"Related
Articles","chatbot.welcome.title":"Welcome!","chatbot.welcome.description":"I'm here to help you explore and discover
great content.","chatbot.welcome.prompt":"Ask me a question or choose a suggestion below to get
started:","chatbot.welcome.cta":"Let's dive in—what would you like to discover today?","chatbot.status.typing":"Assistant
is typing…","chatbot.status.error":"error","chatbot.error.response":"Failed to get response. Please try
again.","chatbot.error.processing":"There was an error processing your message.","chatbot.error.configuration":"API URL
not configured","chatbot.error.network":"Network error occurred. Please check your connection and try
again.","chatbot.error.timeout":"Request timed out. Please try again.","chatbot.error.emptyResponse":"I couldn't generate a
response. Please try rephrasing your question.","chatbot.buttons.send":"Send","chatbot.buttons.close":"Close
chat","chatbot.buttons.newChat":"Start new chat","chatbot.buttons.collapse":"Collapse chat
panel","chatbot.buttons.expand":"Expand chat panel","chatbot.buttons.fullscreen":"Enter
fullscreen","chatbot.buttons.exitFullscreen":"Exit fullscreen","chatbot.buttons.like":"Like this
response","chatbot.buttons.dislike":"Dislike this response","chatbot.buttons.removeLike":"Remove
like","chatbot.buttons.removeDislike":"Remove dislike","chatbot.aria.chatInput":"Chat
input","chatbot.aria.sendMessage":"Send message","chatbot.aria.openChat":"Open chat
assistant","chatbot.aria.closeChat":"Close chat assistant","chatbot.defaults.title":"Ask Tech
Community","chatbot.defaults.subtitle":"Ask questions – get answers","chatbot.defaults.entryHeading":"Find
answers","chatbot.defaults.entrySubtext":"Ask the agent","chatbot.defaults.placeholder":"Type your
message…","chatbot.defaults.initialMessage":"Hi! I'm your assistant. Ask me something or pick a suggestion above to
begin.","chatbot.suggestions.findBlogs":"Find insightful blogs","chatbot.suggestions.exploreEvents":"Explore upcoming
events","chatbot.suggestions.startJourney":"Start your journey with something new","chatbot.dialog.endConversation":"End
conversation","chatbot.dialog.confirmEndConversation":"Do you want to end this conversation and start
over?","chatbot.dialog.endConversationButton":"End
conversation","chatbot.dialog.cancel":"Cancel","chatbot.error.genericServiceUnavailable":"The service is currently
unavailable. Please try again later.","chatbot.error.noResults":"We could not find any information related to your query. Try
rephrasing your query."},"defaults":{"config":{"applicablePages":
[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.ChatbotWidget","form":null,"config":null,"props":
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":
en-us-1775110952328":{"__typename":"CachedAsset","id":"component:custom.widget.HeroBanner-en-us-1775110952328","value":{"component":{"id":"custom.widget.HeroBanner","template":
{"id":"HeroBanner","markupLanguage":"REACT","style":null,"texts":{"searchPlaceholderText":"Search this
community","followActionText":"Follow","unfollowActionText":"Following","searchOnHoverText":"Please enter your
search term(s) and then press return key to complete a search.","blogs.sidebar.pagetitle":"Latest Blogs | Microsoft Tech
Community","followThisNode":"Follow this node","unfollowThisNode":"Unfollow this
node","customField.teamsLink.title":"Microsoft teams link","customField.teamsLink.label":"Teams meeting
url"},"defaults":{"config":{"applicablePages":
[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The
maximum number of items to display in the
carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.HeroBanner","form":{"fields":
[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possi
{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":nul
{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"descripti
{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":n
{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max
Items","description":"The maximum number of items to display in the
carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":
[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":
[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":
{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},
{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"to
{"id":"useBackground","type":"fieldset","as":null,"items":
[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"widgetVisibility","type":"fieldset","as":null,"items":
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 28 of 38

[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":
[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
{"id":"componentPropsGroup","type":"fieldset","as":null,"items":
[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The
maximum number of items to display in the
carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"form":
{"fields":
[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possi
{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":nul
{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"descripti
{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":n
{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max
Items","description":"The maximum number of items to display in the
carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":
[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":
[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":
{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},
{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"to
{"id":"useBackground","type":"fieldset","as":null,"items":
[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"widgetVisibility","type":"fieldset","as":null,"items":
[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":
[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
{"id":"componentPropsGroup","type":"fieldset","as":null,"items":
[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
{"fields":
[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possi
{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":nul
{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"descripti
{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":n
{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max
Items","description":"The maximum number of items to display in the
carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":
[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":
[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":
{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},
{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"to
{"id":"useBackground","type":"fieldset","as":null,"items":
[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"widgetVisibility","type":"fieldset","as":null,"items":
[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":
[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
{"id":"componentPropsGroup","type":"fieldset","as":null,"items":
[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
en-us-1775110952328":{"__typename":"CachedAsset","id":"component:custom.widget.UnregisteredCTAWidget-en-us-1775110952328","value":{"component":{"id":"custom.widget.UnregisteredCTAWidget","template":
{"id":"UnregisteredCTAWidget","markupLanguage":"REACT","style":null,"texts":{"register.communityHub":"Welcome to
the {name} Community Hub. Sign in to like, participate, or start a conversation.","register.category":"Welcome to the
{name} Community Hub. Sign in to like, participate, or start a conversation.","register.discussionBoard":"Welcome to the
{name} space. Sign in to like, reply, or start a discussion.","register.blogSpace":"Welcome to the {name} space. Sign in to
like or comment on articles in this space.","register.eventSpace":"Welcome to the {name} space. Sign in to RSVP, add
events to your calendar, and join the conversation.","register.ideaSpace":"Welcome to the {name} space. Sign in to vote,
comment, or submit your own feedback.","buttonRegister":"Sign in","register.discussionBoardArticle":"Have a question or
insight to share? Sign in to join the discussion.","register.blogSpaceArticle":"Enjoying the article? Sign in to share your
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 29 of 38

thoughts.","register.eventSpaceArticle":"Don’t just watch - take part. Sign in to RSVP, ask questions, and join the
discussion.","register.ideaSpaceArticle":"Sign in to submit ideas, upvote ideas, and join the conversation."},"defaults":
{"config":{"applicablePages":
[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.UnregisteredCTAWidget","form":null,"config":null,"props":
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":
en-us-1775110952328":{"__typename":"CachedAsset","id":"component:custom.widget.SocialSharing-en-us-1775110952328","value":{"component":{"id":"custom.widget.SocialSharing","template":
{"id":"SocialSharing","markupLanguage":"HANDLEBARS","style":".sharePage {\n display: flex;\n justify-content:
center;\n background: #d7d7d7;\n padding: 0px;\n height: 60px;\n}\n.singleSocialIcons {\n display: flex;\n gap: 12px;\n list-style-type: none;\n padding: 0px;\n margin: 0;\n}\n.containers {\n display: flex;\n gap: 30px;\n}\n\n.listIcon {\n align-content: center;\n}\n.headingShare {\n display: inline;\n margin-right: 25px;\n margin-bottom: 0px;\n font-size: 20px;\n
font-weight: 550;\n align-content: center;\n}\n\n@media (max-width: 990px) {\n .sharePage {\n display: flex;\n justify-content: center;\n }\n\n .containers {\n display: inline-block;\n justify-content: center;\n align-content: center;\n align-items:
center;\n }\n .headingShare {\n display: flex;\n justify-content: center;\n }\n .singleSocialIcons {\n
}\n}\n","texts":null,"defaults":{"config":{"applicablePages":[],"description":"Adds buttons to share to various social media
websites","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.SocialSharing","form":null,"config":null,"props":
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":"Adds buttons to share to various social media
websites","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":
{"css":".custom_widget_SocialSharing_sharePage_6x3n8_1 {\n display: flex;\n justify-content: center;\n background:
#d7d7d7;\n padding: 0;\n height: 3.75rem;\n}\n.custom_widget_SocialSharing_singleSocialIcons_6x3n8_8 {\n display:
flex;\n gap: 0.75rem;\n list-style-type: none;\n padding: 0;\n margin:
0;\n}\n.custom_widget_SocialSharing_containers_6x3n8_15 {\n display: flex;\n gap:
1.875rem;\n}\n.custom_widget_SocialSharing_listIcon_6x3n8_20 {\n align-content:
center;\n}\n.custom_widget_SocialSharing_headingShare_6x3n8_23 {\n display: inline;\n margin-right: 1.5625rem;\n
margin-bottom: 0;\n font-size: 1.25rem;\n font-weight: 550;\n align-content: center;\n}\n@media (max-width: 990px) {\n
.custom_widget_SocialSharing_sharePage_6x3n8_1 {\n display: flex;\n justify-content: center;\n }\n\n
.custom_widget_SocialSharing_containers_6x3n8_15 {\n display: inline-block;\n justify-content: center;\n align-content:
center;\n align-items: center;\n }\n .custom_widget_SocialSharing_headingShare_6x3n8_23 {\n display: flex;\n justify-content: center;\n }\n .custom_widget_SocialSharing_singleSocialIcons_6x3n8_8 {\n }\n}\n","tokens":
{"sharePage":"custom_widget_SocialSharing_sharePage_6x3n8_1","singleSocialIcons":"custom_widget_SocialSharing_singleSocialIcons_6x3n8_8","co
en-us-1775110952328":{"__typename":"CachedAsset","id":"component:custom.widget.MicrosoftFooter-en-us-1775110952328","value":{"component":{"id":"custom.widget.MicrosoftFooter","template":
{"id":"MicrosoftFooter","markupLanguage":"HANDLEBARS","style":".context-uhf {\r\n min-width: 280px;\r\n font-size:
15px;\r\n box-sizing: border-box;\r\n -ms-text-size-adjust: 100%;\r\n -webkit-text-size-adjust: 100%;\r\n & *,\r\n &
*:before,\r\n & *:after {\r\n box-sizing: inherit;\r\n }\r\n a.c-uhff-link {\r\n color: #616161;\r\n word-break: break-word;\r\n
text-decoration: none;\r\n }\r\n &a:link,\r\n &a:focus,\r\n &a:hover,\r\n &a:active,\r\n &a:visited {\r\n text-decoration:
none;\r\n color: inherit;\r\n }\r\n & div {\r\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\r\n }\r\n}\r\n.c-uhff {\r\n background: #f2f2f2;\r\n margin: -1.5625;\r\n width: auto;\r\n height: auto;\r\n}\r\n.c-uhff-nav {\r\n margin: 0 auto;\r\n max-width: calc(1600px + 10%);\r\n padding: 0 5%;\r\n box-sizing: inherit;\r\n &:before,\r\n
&:after {\r\n content: ' ';\r\n display: table;\r\n clear: left;\r\n }\r\n @media only screen and (max-width: 1083px) {\r\n
padding-left: 12px;\r\n }\r\n .c-heading-4 {\r\n color: #616161;\r\n word-break: break-word;\r\n font-size: 15px;\r\n line-height: 20px;\r\n padding: 36px 0 4px;\r\n font-weight: 600;\r\n }\r\n .c-uhff-nav-row {\r\n .c-uhff-nav-group {\r\n display:
block;\r\n float: left;\r\n min-height: 1px;\r\n vertical-align: text-top;\r\n padding: 0 12px;\r\n width: 100%;\r\n zoom: 1;\r\n
&:first-child {\r\n padding-left: 0;\r\n @media only screen and (max-width: 1083px) {\r\n padding-left: 12px;\r\n }\r\n }\r\n
@media only screen and (min-width: 540px) and (max-width: 1082px) {\r\n width: 33.33333%;\r\n }\r\n @media only
screen and (min-width: 1083px) {\r\n width: 16.6666666667%;\r\n }\r\n ul.c-list.f-bare {\r\n font-size: 11px;\r\n line-height:
16px;\r\n margin-top: 0;\r\n margin-bottom: 0;\r\n padding-left: 0;\r\n list-style-type: none;\r\n li {\r\n word-break: break-word;\r\n padding: 8px 0;\r\n margin: 0;\r\n }\r\n }\r\n }\r\n }\r\n}\r\n.c-uhff-base {\r\n background: #f2f2f2;\r\n margin: 0
auto;\r\n max-width: calc(1600px + 10%);\r\n padding: 30px 5% 16px;\r\n &:before,\r\n &:after {\r\n content: ' ';\r\n
display: table;\r\n }\r\n &:after {\r\n clear: both;\r\n }\r\n a.c-uhff-ccpa,\r\n a.c-uhff-consumer {\r\n display: flex;\r\n float:
left;\r\n font-size: 11px;\r\n line-height: 16px;\r\n padding: 4px 24px 0 0;\r\n }\r\n a.c-uhff-ccpa:hover,\r\n a.c-uhff-consumer:hover {\r\n text-decoration: underline;\r\n }\r\n ul.c-list {\r\n font-size: 11px;\r\n line-height: 16px;\r\n float:
right;\r\n margin: 3px 0;\r\n color: #616161;\r\n li {\r\n padding: 0 24px 4px 0;\r\n display: inline-block;\r\n }\r\n }\r\n .c-list.f-bare {\r\n padding-left: 0;\r\n list-style-type: none;\r\n }\r\n @media only screen and (max-width: 1083px) {\r\n
display: flex;\r\n flex-wrap: wrap;\r\n padding: 30px 24px 16px;\r\n }\r\n}\r\n\r\n.social-share {\r\n position: fixed;\r\n top:
60%;\r\n transform: translateY(-50%);\r\n left: 0;\r\n z-index: 1000;\r\n}\r\n\r\n.sharing-options {\r\n list-style: none;\r\n
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 30 of 38

padding: 0;\r\n margin: 0;\r\n display: block;\r\n flex-direction: column;\r\n background-color: white;\r\n width: 50px;\r\n
border-radius: 0px 7px 7px 0px;\r\n}\r\n.linkedin-icon {\r\n border-top-right-radius: 7px;\r\n}\r\n.linkedin-icon:hover {\r\n
border-radius: 0;\r\n}\r\n\r\n.social-share-email-image:hover {\r\n border-radius: 0;\r\n}\r\n\r\n.social-link-footer:hover
.linkedin-icon {\r\n border-radius: 0;\r\n}\r\n.social-link-footer:hover .social-share-email-image {\r\n border-radius:
0;\r\n}\r\n\r\n.social-link-footer img {\r\n width: 30px;\r\n height: auto;\r\n transition: filter 0.3s ease;\r\n}\r\n\r\n.social-share-list {\r\n width: 50px;\r\n}\r\n.social-share-rss-image {\r\n width: 30px;\r\n height: auto;\r\n transition: filter 0.3s
ease;\r\n}\r\n.sharing-options li {\r\n width: 50px;\r\n height: 50px;\r\n padding: 8px;\r\n box-sizing: border-box;\r\n border:
2px solid white;\r\n display: inline-block;\r\n text-align: center;\r\n opacity: 1;\r\n visibility: visible;\r\n transition: border
0.3s ease; /* Smooth transition effect */\r\n border-left: none;\r\n border-bottom: none; /* Apply bottom border to only last
item */\r\n}\r\n\r\n.social-share-list-linkedin {\r\n background-color: #0474b4;\r\n border-top-right-radius: 5px; /* Rounded
top right corner of first item*/\r\n}\r\n.social-share-list-facebook {\r\n background-color: #3c5c9c;\r\n}\r\n.social-share-list-xicon {\r\n background-color: #000;\r\n}\r\n.social-share-list-reddit {\r\n background-color: #fc4404;\r\n}\r\n.social-share-list-bluesky {\r\n background-color: #f0f2f5;\r\n}\r\n.social-share-list-rss {\r\n background-color: #ec7b1c;\r\n}\r\n.social-share-list-mail {\r\n background-color: #848484;\r\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of last
item*/\r\n}\r\n.sharing-options li.social-share-list-mail {\r\n border-bottom: 2px solid white; /* Add bottom border only to
the last item */\r\n height: 52px; /* Increase last child height to make in align with the hover label */\r\n}\r\n.x-icon {\r\n
filter: invert(100%);\r\n transition: filter 0.3s ease;\r\n width: 20px !important;\r\n height: auto;\r\n padding-top: 5px
!important;\r\n}\r\n.bluesky-icon {\r\n filter: invert(20%) sepia(100%) saturate(3000%) hue-rotate(180deg);\r\n transition:
filter 0.3s ease;\r\n padding-top: 5px !important;\r\n width: 25px !important;\r\n}\r\n\r\n.share-icon {\r\n border: 2px solid
transparent;\r\n display: inline-block;\r\n position: relative;\r\n}\r\n\r\n.sharing-options li:hover {\r\n border: 2px solid
white;\r\n border-left: none;\r\n border-bottom: none;\r\n border-radius: 0px;\r\n}\r\n.sharing-options li.social-share-list-mail:hover {\r\n border-bottom: 2px solid white; /* Add bottom border only to the last item */\r\n}\r\n\r\n.sharing-options
li:hover .label {\r\n opacity: 1;\r\n visibility: visible;\r\n border: 2px solid white;\r\n box-sizing: border-box;\r\n border-left:
none;\r\n}\r\n\r\n.label {\r\n position: absolute;\r\n left: 100%;\r\n white-space: nowrap;\r\n opacity: 0;\r\n visibility:
hidden;\r\n transition: all 0.2s ease;\r\n color: white;\r\n border-radius: 0 10 0 10px;\r\n top: 50%;\r\n transform:
translateY(-50%);\r\n height: 52px;\r\n display: flex;\r\n align-items: center;\r\n justify-content: center;\r\n padding: 10px
12px 15px 8px;\r\n border: 2px solid white;\r\n}\r\n.linkedin {\r\n background-color: #0474b4;\r\n border-top-right-radius:
5px; /* Rounded top right corner of first item*/\r\n}\r\n.facebook {\r\n background-color: #3c5c9c;\r\n}\r\n.twitter {\r\n
background-color: black;\r\n color: white;\r\n}\r\n.reddit {\r\n background-color: #fc4404;\r\n}\r\n.mail {\r\n background-color: #848484;\r\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of last item*/\r\n}\r\n.bluesky {\r\n
background-color: #f0f2f5;\r\n color: black;\r\n}\r\n.rss {\r\n background-color: #ec7b1c;\r\n}\r\n\r\n@media (max-width:
991px) {\r\n .social-share {\r\n display: none;\r\n }\r\n}\r\n","texts":{"heading.whatsNew":"What's
new","heading.store":"Microsoft
Store","heading.education":"Education","heading.business":"Business","heading.developer":"Developer &
IT","heading.company":"Company","link.whatsNew.surfacePro":"Surface Pro","aria.whatsNew.surfacePro":"Surface Pro
What's new","link.whatsNew.surfaceLaptop":"Surface Laptop","aria.whatsNew.surfaceLaptop":"Surface Laptop What's
new","link.whatsNew.surfaceLaptopStudio2":"Surface Laptop Studio 2","aria.whatsNew.surfaceLaptopStudio2":"Surface
Laptop Studio 2 What's new","link.whatsNew.copilotOrganizations":"Copilot for
organizations","aria.whatsNew.copilotOrganizations":"Copilot for organizations What's
new","link.whatsNew.copilotPersonal":"Copilot for personal use","aria.whatsNew.copilotPersonal":"Copilot for personal
use What's new","link.whatsNew.aiInWindows":"AI in Windows","aria.whatsNew.aiInWindows":"AI in Windows What's
new","link.whatsNew.exploreProducts":"Explore Microsoft products","aria.whatsNew.exploreProducts":"Explore Microsoft
products What's new","link.whatsNew.windows11Apps":"Windows 11 apps","aria.whatsNew.windows11Apps":"Windows
11 apps What's new","link.store.accountProfile":"Account profile","aria.store.accountProfile":"Account profile Microsoft
Store","link.store.downloadCenter":"Download Center","aria.store.downloadCenter":"Download Center Microsoft
Store","link.store.support":"Microsoft Store support","aria.store.support":"Microsoft Store support Microsoft
Store","link.store.returns":"Returns","aria.store.returns":"Returns Microsoft Store","link.store.orderTracking":"Order
tracking","aria.store.orderTracking":"Order tracking Microsoft Store","link.store.certifiedRefurbished":"Certified
Refurbished","aria.store.certifiedRefurbished":"Certified Refurbished Microsoft Store","link.store.promise":"Microsoft
Store Promise","aria.store.promise":"Microsoft Store Promise Microsoft Store","link.store.flexiblePayments":"Flexible
Payments","aria.store.flexiblePayments":"Flexible Payments Microsoft
Store","link.education.microsoftInEducation":"Microsoft in education","aria.education.microsoftInEducation":"Microsoft in
education Education","link.education.devices":"Devices for education","aria.education.devices":"Devices for education
Education","link.education.teams":"Microsoft Teams for Education","aria.education.teams":"Microsoft Teams for Education
Education","link.education.m365":"Microsoft 365 Education","aria.education.m365":"Microsoft 365 Education
Education","link.education.howToBuy":"How to buy for your school","aria.education.howToBuy":"How to buy for your
school Education","link.education.training":"Educator training and development","aria.education.training":"Educator
training and development Education","link.education.deals":"Deals for students and parents","aria.education.deals":"Deals
for students and parents Education","link.education.ai":"AI for education","aria.education.ai":"AI for education
Education","link.business.microsoftAi":"Microsoft AI","aria.business.microsoftAi":"Microsoft AI
Business","link.business.security":"Microsoft Security","aria.business.security":"Microsoft Security
Business","link.business.dynamics":"Dynamics 365","aria.business.dynamics":"Dynamics 365
Business","link.business.m365":"Microsoft 365","aria.business.m365":"Microsoft 365
Business","link.business.powerPlatform":"Microsoft Power Platform","aria.business.powerPlatform":"Microsoft Power
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 31 of 38

Platform Business","link.business.teams":"Microsoft Teams","aria.business.teams":"Microsoft Teams
Business","link.business.m365Copilot":"Microsoft 365 Copilot","aria.business.m365Copilot":"Microsoft 365 Copilot
Business","link.business.smallBusiness":"Small Business","aria.business.smallBusiness":"Small Business
Business","link.developer.azure":"Azure","aria.developer.azure":"Azure Developer &
IT","link.developer.developerCenter":"Microsoft Developer","aria.developer.developerCenter":"Microsoft Developer
Developer & IT","link.developer.learn":"Microsoft Learn","aria.developer.learn":"Microsoft Learn Developer &
IT","link.developer.aiMarketplace":"Support for AI marketplace apps","aria.developer.aiMarketplace":"Support for AI
marketplace apps Developer & IT","link.developer.techCommunity":"Microsoft Tech
Community","aria.developer.techCommunity":"Microsoft Tech Community Developer &
IT","link.developer.marketplace":"Microsoft Marketplace","aria.developer.marketplace":"Microsoft Marketplace Developer
& IT","link.developer.marketplaceRewards":"Marketplace Rewards","aria.developer.marketplaceRewards":"Marketplace
Rewards Developer & IT","link.developer.visualStudio":"Visual Studio","aria.developer.visualStudio":"Visual Studio
Developer & IT","link.company.careers":"Careers","aria.company.careers":"Careers
Company","link.company.about":"About Microsoft","aria.company.about":"About Microsoft
Company","link.company.news":"Company news","aria.company.news":"Company news
Company","link.company.privacy":"Privacy at Microsoft","aria.company.privacy":"Privacy at Microsoft
Company","link.company.investors":"Investors","aria.company.investors":"Investors
Company","link.company.diversity":"Diversity and inclusion","aria.company.diversity":"Diversity and inclusion
Company","link.company.accessibility":"Accessibility","aria.company.accessibility":"Accessibility
Company","link.company.sustainability":"Sustainability","aria.company.sustainability":"Sustainability
Company","ccpa.label":"Your Privacy Choices","consumerhealthprivacy.label":"Consumer Health
Privacy","corp.sitemap":"Sitemap","corp.contact":"Contact
Microsoft","corp.privacy":"Privacy","corp.manageCookies":"Manage cookies","corp.terms":"Terms of
use","corp.trademarks":"Trademarks","corp.safetyEco":"Safety &
eco","corp.recycling":"Recycling","corp.aboutAds":"About our
ads","corp.microsoft":"Microsoft","social.linkedin.alt":"Share to LinkedIn","social.linkedin.label":"Share on
LinkedIn","social.facebook.alt":"Share to Facebook","social.facebook.label":"Share on Facebook","social.x.alt":"Share to
X","social.x.label":"Share on X","social.reddit.alt":"Share to Reddit","social.reddit.label":"Share on
Reddit","social.bluesky.alt":"Share to Blue Sky","social.bluesky.label":"Share on Bluesky","social.rss.alt":"Subscribe to
RSS","social.rss.label":"Share on RSS","social.email.alt":"Share to Email","social.email.label":"Share on
Email"},"defaults":{"config":{"applicablePages":[],"description":"The Microsoft
Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.MicrosoftFooter","form":null,"config":null,"props":
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":"The Microsoft
Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":
{"css":".custom_widget_MicrosoftFooter_context-uhf_qp4x5_1 {\r\n min-width: 17.5rem;\r\n font-size: 0.9375rem;\r\n
box-sizing: border-box;\r\n -ms-text-size-adjust: 100%;\r\n -webkit-text-size-adjust: 100%;\r\n & *,\r\n & *:before,\r\n &
*:after {\r\n box-sizing: inherit;\r\n }\r\n a.custom_widget_MicrosoftFooter_c-uhff-link_qp4x5_23 {\r\n color: #616161;\r\n
word-break: break-word;\r\n text-decoration: none;\r\n }\r\n &a:link,\r\n &a:focus,\r\n &a:hover,\r\n &a:active,\r\n
&a:visited {\r\n text-decoration: none;\r\n color: inherit;\r\n }\r\n & div {\r\n font-family: 'Segoe UI', SegoeUI, 'Helvetica
Neue', Helvetica, Arial, sans-serif;\r\n }\r\n}\r\n.custom_widget_MicrosoftFooter_c-uhff_qp4x5_23 {\r\n background:
#f2f2f2;\r\n margin: -1.5625;\r\n width: auto;\r\n height: auto;\r\n}\r\n.custom_widget_MicrosoftFooter_c-uhff-nav_qp4x5_69 {\r\n margin: 0 auto;\r\n max-width: calc(100rem + 10%);\r\n padding: 0 5%;\r\n box-sizing: inherit;\r\n
&:before,\r\n &:after {\r\n content: ' ';\r\n display: table;\r\n clear: left;\r\n }\r\n @media only screen and (max-width:
1083px) {\r\n padding-left: 0.75rem;\r\n }\r\n .custom_widget_MicrosoftFooter_c-heading-4_qp4x5_97 {\r\n color:
#616161;\r\n word-break: break-word;\r\n font-size: 0.9375rem;\r\n line-height: 1.25rem;\r\n padding: 2.25rem 0
0.25rem;\r\n font-weight: 600;\r\n }\r\n .custom_widget_MicrosoftFooter_c-uhff-nav-row_qp4x5_113 {\r\n
.custom_widget_MicrosoftFooter_c-uhff-nav-group_qp4x5_115 {\r\n display: block;\r\n float: left;\r\n min-height:
0.0625rem;\r\n vertical-align: text-top;\r\n padding: 0 0.75rem;\r\n width: 100%;\r\n zoom: 1;\r\n &:first-child {\r\n padding-left: 0;\r\n @media only screen and (max-width: 1083px) {\r\n padding-left: 0.75rem;\r\n }\r\n }\r\n @media only screen
and (min-width: 540px) and (max-width: 1082px) {\r\n width: 33.33333%;\r\n }\r\n @media only screen and (min-width:
1083px) {\r\n width: 16.6666666667%;\r\n }\r\n ul.custom_widget_MicrosoftFooter_c-list_qp4x5_155.custom_widget_MicrosoftFooter_f-bare_qp4x5_155 {\r\n font-size: 0.6875rem;\r\n line-height: 1rem;\r\n
margin-top: 0;\r\n margin-bottom: 0;\r\n padding-left: 0;\r\n list-style-type: none;\r\n li {\r\n word-break: break-word;\r\n
padding: 0.5rem 0;\r\n margin: 0;\r\n }\r\n }\r\n }\r\n }\r\n}\r\n.custom_widget_MicrosoftFooter_c-uhff-base_qp4x5_187
{\r\n background: #f2f2f2;\r\n margin: 0 auto;\r\n max-width: calc(100rem + 10%);\r\n padding: 1.875rem 5% 1rem;\r\n
&:before,\r\n &:after {\r\n content: ' ';\r\n display: table;\r\n }\r\n &:after {\r\n clear: both;\r\n }\r\n
a.custom_widget_MicrosoftFooter_c-uhff-ccpa_qp4x5_213,\r\n a.custom_widget_MicrosoftFooter_c-uhff-consumer_qp4x5_215 {\r\n display: flex;\r\n float: left;\r\n font-size: 0.6875rem;\r\n line-height: 1rem;\r\n padding: 0.25rem
1.5rem 0 0;\r\n }\r\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_qp4x5_213:hover,\r\n
a.custom_widget_MicrosoftFooter_c-uhff-consumer_qp4x5_215:hover {\r\n text-decoration: underline;\r\n }\r\n
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 32 of 38

ul.custom_widget_MicrosoftFooter_c-list_qp4x5_155 {\r\n font-size: 0.6875rem;\r\n line-height: 1rem;\r\n float: right;\r\n
margin: 0.1875rem 0;\r\n color: #616161;\r\n li {\r\n padding: 0 1.5rem 0.25rem 0;\r\n display: inline-block;\r\n }\r\n }\r\n
.custom_widget_MicrosoftFooter_c-list_qp4x5_155.custom_widget_MicrosoftFooter_f-bare_qp4x5_155 {\r\n padding-left:
0;\r\n list-style-type: none;\r\n }\r\n @media only screen and (max-width: 1083px) {\r\n display: flex;\r\n flex-wrap:
wrap;\r\n padding: 1.875rem 1.5rem 1rem;\r\n }\r\n}\r\n.custom_widget_MicrosoftFooter_social-share_qp4x5_281 {\r\n
position: fixed;\r\n top: 60%;\r\n transform: translateY(-50%);\r\n left: 0;\r\n z-index:
1000;\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 {\r\n list-style: none;\r\n padding: 0;\r\n
margin: 0;\r\n display: block;\r\n flex-direction: column;\r\n background-color: white;\r\n width: 3.125rem;\r\n border-radius: 0 0.4375rem 0.4375rem 0;\r\n}\r\n.custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317 {\r\n border-top-right-radius: 7px;\r\n}\r\n.custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317:hover {\r\n border-radius:
0;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-email-image_qp4x5_331:hover {\r\n border-radius:
0;\r\n}\r\n.custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339:hover
.custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317 {\r\n border-radius:
0;\r\n}\r\n.custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339:hover .custom_widget_MicrosoftFooter_social-share-email-image_qp4x5_331 {\r\n border-radius: 0;\r\n}\r\n.custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339 img {\r\n width: 1.875rem;\r\n height: auto;\r\n transition: filter 0.3s
ease;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list_qp4x5_365 {\r\n width:
3.125rem;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-rss-image_qp4x5_371 {\r\n width: 1.875rem;\r\n height:
auto;\r\n transition: filter 0.3s ease;\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li {\r\n width:
3.125rem;\r\n height: 3.125rem;\r\n padding: 0.5rem;\r\n box-sizing: border-box;\r\n border: 2px solid white;\r\n display:
inline-block;\r\n text-align: center;\r\n opacity: 1;\r\n visibility: visible;\r\n transition: border 0.3s ease; /* Smooth transition
effect */\r\n border-left: none;\r\n border-bottom: none; /* Apply bottom border to only last item
*/\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-linkedin_qp4x5_411 {\r\n background-color: #0474b4;\r\n
border-top-right-radius: 5px; /* Rounded top right corner of first item*/\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-facebook_qp4x5_419 {\r\n background-color: #3c5c9c;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-xicon_qp4x5_425 {\r\n background-color: #000;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-reddit_qp4x5_431 {\r\n background-color: #fc4404;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-bluesky_qp4x5_437 {\r\n background-color: #f0f2f5;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-rss_qp4x5_443 {\r\n background-color: #ec7b1c;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449 {\r\n background-color: #848484;\r\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of
last item*/\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li.custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449 {\r\n border-bottom: 2px solid white; /* Add bottom border only to the last item */\r\n height:
3.25rem; /* Increase last child height to make in align with the hover label */\r\n}\r\n.custom_widget_MicrosoftFooter_x-icon_qp4x5_465 {\r\n filter: invert(100%);\r\n transition: filter 0.3s ease;\r\n width: 1.25rem !important;\r\n height: auto;\r\n
padding-top: 0.3125rem !important;\r\n}\r\n.custom_widget_MicrosoftFooter_bluesky-icon_qp4x5_479 {\r\n filter:
invert(20%) sepia(100%) saturate(3000%) hue-rotate(180deg);\r\n transition: filter 0.3s ease;\r\n padding-top: 0.3125rem
!important;\r\n width: 1.5625rem !important;\r\n}\r\n.custom_widget_MicrosoftFooter_share-icon_qp4x5_493 {\r\n border:
2px solid transparent;\r\n display: inline-block;\r\n position: relative;\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li:hover {\r\n border: 2px solid white;\r\n border-left: none;\r\n border-bottom: none;\r\n border-radius:
0;\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li.custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449:hover {\r\n border-bottom: 2px solid white; /* Add bottom border only to the last item
*/\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li:hover
.custom_widget_MicrosoftFooter_label_qp4x5_525 {\r\n opacity: 1;\r\n visibility: visible;\r\n border: 2px solid white;\r\n
box-sizing: border-box;\r\n border-left: none;\r\n}\r\n.custom_widget_MicrosoftFooter_label_qp4x5_525 {\r\n position:
absolute;\r\n left: 100%;\r\n white-space: nowrap;\r\n opacity: 0;\r\n visibility: hidden;\r\n transition: all 0.2s ease;\r\n color:
white;\r\n border-radius: 0 10 0 0.625rem;\r\n top: 50%;\r\n transform: translateY(-50%);\r\n height: 3.25rem;\r\n display:
flex;\r\n align-items: center;\r\n justify-content: center;\r\n padding: 0.625rem 0.75rem 0.9375rem 0.5rem;\r\n border: 2px
solid white;\r\n}\r\n.custom_widget_MicrosoftFooter_linkedin_qp4x5_317 {\r\n background-color: #0474b4;\r\n border-top-right-radius: 5px; /* Rounded top right corner of first
item*/\r\n}\r\n.custom_widget_MicrosoftFooter_facebook_qp4x5_585 {\r\n background-color:
#3c5c9c;\r\n}\r\n.custom_widget_MicrosoftFooter_twitter_qp4x5_591 {\r\n background-color: black;\r\n color:
white;\r\n}\r\n.custom_widget_MicrosoftFooter_reddit_qp4x5_599 {\r\n background-color:
#fc4404;\r\n}\r\n.custom_widget_MicrosoftFooter_mail_qp4x5_605 {\r\n background-color: #848484;\r\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of last
item*/\r\n}\r\n.custom_widget_MicrosoftFooter_bluesky_qp4x5_479 {\r\n background-color: #f0f2f5;\r\n color:
black;\r\n}\r\n.custom_widget_MicrosoftFooter_rss_qp4x5_621 {\r\n background-color: #ec7b1c;\r\n}\r\n@media (max-width: 991px) {\r\n .custom_widget_MicrosoftFooter_social-share_qp4x5_281 {\r\n display: none;\r\n }\r\n}\r\n","tokens":
{"context-uhf":"custom_widget_MicrosoftFooter_context-uhf_qp4x5_1","c-uhff-link":"custom_widget_MicrosoftFooter_c-uhff-link_qp4x5_23","c-uhff":"custom_widget_MicrosoftFooter_c-uhff_qp4x5_23","c-uhff-nav":"custom_widget_MicrosoftFooter_c-uhff-nav_qp4x5_69","c-heading-4":"custom_widget_MicrosoftFooter_c-heading-4_qp4x5_97","c-uhff-nav-row":"custom_widget_MicrosoftFooter_c-uhff-nav-row_qp4x5_113","c-uhff-nav-group":"custom_widget_MicrosoftFooter_c-uhff-nav-group_qp4x5_115","c-list":"custom_widget_MicrosoftFooter_c-list_qp4x5_155","f-bare":"custom_widget_MicrosoftFooter_f-bare_qp4x5_155","c-uhff-base":"custom_widget_MicrosoftFooter_c-uhff-base_qp4x5_187","c-uhff-ccpa":"custom_widget_MicrosoftFooter_c-uhff-https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 33 of 38

ccpa_qp4x5_213","c-uhff-consumer":"custom_widget_MicrosoftFooter_c-uhff-consumer_qp4x5_215","social-share":"custom_widget_MicrosoftFooter_social-share_qp4x5_281","sharing-options":"custom_widget_MicrosoftFooter_sharing-options_qp4x5_297","linkedin-icon":"custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317","social-share-email-image":"custom_widget_MicrosoftFooter_social-share-email-image_qp4x5_331","social-link-footer":"custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339","social-share-list":"custom_widget_MicrosoftFooter_social-share-list_qp4x5_365","social-share-rss-image":"custom_widget_MicrosoftFooter_social-share-rss-image_qp4x5_371","social-share-list-linkedin":"custom_widget_MicrosoftFooter_social-share-list-linkedin_qp4x5_411","social-share-list-facebook":"custom_widget_MicrosoftFooter_social-share-list-facebook_qp4x5_419","social-share-list-xicon":"custom_widget_MicrosoftFooter_social-share-list-xicon_qp4x5_425","social-share-list-reddit":"custom_widget_MicrosoftFooter_social-share-list-reddit_qp4x5_431","social-share-list-bluesky":"custom_widget_MicrosoftFooter_social-share-list-bluesky_qp4x5_437","social-share-list-rss":"custom_widget_MicrosoftFooter_social-share-list-rss_qp4x5_443","social-share-list-mail":"custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449","x-icon":"custom_widget_MicrosoftFooter_x-icon_qp4x5_465","bluesky-icon":"custom_widget_MicrosoftFooter_bluesky-icon_qp4x5_479","share-icon":"custom_widget_MicrosoftFooter_share-icon_qp4x5_493","label":"custom_widget_MicrosoftFooter_label_qp4x5_525","linkedin":"custom_widget_MicrosoftFooter_linkedin_qp4x5_317","faceb
components/community/Breadcrumb-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1775111751358","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent
page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBanner-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBanner-1775111751358","value":{"messageMarkedAsSpam":"This post has been marked as
spam","messageMarkedAsSpam@board:TKB":"This article has been marked as
spam","messageMarkedAsSpam@board:BLOG":"This post has been marked as
spam","messageMarkedAsSpam@board:FORUM":"This discussion has been marked as
spam","messageMarkedAsSpam@board:OCCASION":"This event has been marked as
spam","messageMarkedAsSpam@board:IDEA":"This idea has been marked as spam","manageSpam":"Manage
Spam","messageMarkedAsAbuse":"This post has been marked as abuse","messageMarkedAsAbuse@board:TKB":"This
article has been marked as abuse","messageMarkedAsAbuse@board:BLOG":"This post has been marked as
abuse","messageMarkedAsAbuse@board:FORUM":"This discussion has been marked as
abuse","messageMarkedAsAbuse@board:OCCASION":"This event has been marked as
abuse","messageMarkedAsAbuse@board:IDEA":"This idea has been marked as
abuse","preModCommentAuthorText":"This comment will be published as soon as it is
approved","preModCommentModeratorText":"This comment is awaiting moderation","messageMarkedAsOther":"This post
has been rejected due to other reasons","messageMarkedAsOther@board:TKB":"This article has been rejected due to other
reasons","messageMarkedAsOther@board:BLOG":"This post has been rejected due to other
reasons","messageMarkedAsOther@board:FORUM":"This discussion has been rejected due to other
reasons","messageMarkedAsOther@board:OCCASION":"This event has been rejected due to other
reasons","messageMarkedAsOther@board:IDEA":"This idea has been rejected due to other
reasons","messageArchived":"This post was archived on {date}","relatedUrl":"View Related
Content","relatedContentText":"Showing related content","archivedContentLink":"View Archived
Content"},"localOverride":false},"Category:category:Exchange":
{"__typename":"Category","id":"category:Exchange","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Outlook":
{"__typename":"Category","id":"category:Outlook","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Community-Info-Center":
{"__typename":"Category","id":"category:Community-Info-Center","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:EducationSector":
{"__typename":"Category","id":"category:EducationSector","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:DrivingAdoption":
{"__typename":"Category","id":"category:DrivingAdoption","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Azure":
{"__typename":"Category","id":"category:Azure","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows-Server":
{"__typename":"Category","id":"category:Windows-Server","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftTeams":
{"__typename":"Category","id":"category:MicrosoftTeams","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 34 of 38

{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PublicSector":
{"__typename":"Category","id":"category:PublicSector","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft365":
{"__typename":"Category","id":"category:microsoft365","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:IoT":
{"__typename":"Category","id":"category:IoT","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:HealthcareAndLifeSciences":
{"__typename":"Category","id":"category:HealthcareAndLifeSciences","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:ITOpsTalk":
{"__typename":"Category","id":"category:ITOpsTalk","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftMechanics":
{"__typename":"Category","id":"category:MicrosoftMechanics","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftforNonprofits":
{"__typename":"Category","id":"category:MicrosoftforNonprofits","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PartnerCommunity":
{"__typename":"Category","id":"category:PartnerCommunity","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Microsoft365Copilot":
{"__typename":"Category","id":"category:Microsoft365Copilot","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows":
{"__typename":"Category","id":"category:Windows","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Content_Management":
{"__typename":"Category","id":"category:Content_Management","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityNewsDesk":
{"__typename":"Category","id":"category:CommunityNewsDesk","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft-learn-for-educators":
{"__typename":"Category","id":"category:microsoft-learn-for-educators","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:mvp":
{"__typename":"Category","id":"category:mvp","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoftintune":
{"__typename":"Category","id":"category:microsoftintune","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft-global-community-initiative":
{"__typename":"Category","id":"category:microsoft-global-community-initiative","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:usergroups":
{"__typename":"Category","id":"category:usergroups","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:skills-hub":
{"__typename":"Category","id":"category:skills-hub","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:skills-hub-blog":
{"__typename":"Blog","id":"board:skills-hub-blog","blogPolicies":{"__typename":"BlogPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"CachedAsset:text:en_US-components/community/Navbar-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1775111751358","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage
Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit
Navigation Bar","skipContent":"Skip to content","gxcuf89792":"Tech Community","windows-server":"Windows
Server","ms-learn-ext-security":"Microsoft Security","Common_Enntvz-i-t-ops-talk-link":"ITOps Talk","education-sector":"Education Sector","Common-external-link-9":"Microsoft 365","Common-external-link-8":"Dynamics
365","Common-external-link-7":"Skilling Room Directory","Common-external-link-6":"Events","Common-external-link-5":"Blogs","Common-external-link-4":"View All","Common-gxcuf89792-community":"Community","Common-external-https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 35 of 38

link-3":"Topics","microsoft365":"Microsoft 365","Common_Enntvz-community-news-desk-link":"Community News
Desk","Common_Enntvz-azure-link":"Azure","Common-community-info-center-link":"Lounge","azure":"Azure","Common_Enntvz-windows-link":"Windows","Common_Enntvz-education-sector-link":"Education Sector","Common-windows-server-link":"Windows Server","products-link":"Products","Common_Enntvz-partner-community-link":"Microsoft Partner Community","microsoft-learn-blog":"Blog","Common-external-link-2":"View All","community-hub-link":"Community Hubs","Common-mvp-link":"Microsoft MVP Program","community-info-center":"Lounge","microsoft-endpoint-manager":"Microsoft
Intune","startupsat-microsoft":"Startups at Microsoft","ms-learn-ext-azure":"Azure","Common_Enntvz-content_management-link":"Content Management","ms-learn-ext-github":"Github","Common-microsoft365-
link":"Microsoft 365","Common-i-t-ops-talk-link":"ITOps Talk","Common_Enntvz-view-all-products-link":"View
All","Common-microsoft-global-community-initiative-link":"Microsoft Global Community Initiative (MGCI)","all-events-link":"Events","Common_Enntvz-microsoft-learn-for-educators-link":"Microsoft Learn for Educators","Common-external-link":"Community Hubs","Common-partner-community-link":"Microsoft Partner Community","Common-microsoft-learn-for-educators-link":"Microsoft Learn for Educators","Common_Enntvz-microsoft-teams-link":"Microsoft Teams","driving-adoption":"Driving Adoption","microsoft-learn":"Microsoft Learn","Common-healthcare-and-life-sciences-link":"Healthcare and Life Sciences","planner":"Outlook","Common_Enntvz-exchange-link":"Exchange","healthcare-and-life-sciences":"Healthcare and Life Sciences","Common-external-link-10":"View All","Common-driving-adoption-link":"Driving Adoption","ms-learn-ext-pp":"Power Platform","Common_Enntvz-windows-server-link":"Windows
Server","Common-io-t-link":"Internet of Things (IoT)","Skills-Hub":"Skills Hub","microsoft-teams":"Microsoft
Teams","Common-outlook-link":"Outlook","Common_Enntvz-public-sector-link":"Public Sector","Common-windows-link":"Windows","all-blogs-link":"Blogs","communities":"Products","Common_Enntvz-usergroups-link":"User
Groups","Common_Enntvz-microsoft-global-community-initiative-link":"Microsoft Global Community Initiative
(MGCI)","Skills-Hub-link":"Community","Common_Enntvz-io-t-link":"Internet of Things (IoT)","ms-learn-ext-m365":"Microsoft 365","Common_Enntvz-microsoft-mechanics-link":"Microsoft Mechanics","microsoft-learn-community":"Community","partner-community":"Microsoft Partner Community","Common-microsoft-mechanics-link":"Microsoft Mechanics","Common_Enntvz-healthcare-and-life-sciences-link":"Healthcare and Life
Sciences","microsoft-mechanics":"Microsoft Mechanics","Common-microsoft-security-link":"Microsoft
Security","Common-education-sector-link":"Education Sector","Skills-Hub-Blog":"Blog","i-t-ops-talk":"ITOps
Talk","microsoft-securityand-compliance":"Microsoft Security","Common_Enntvz-microsoftintune-link":"Microsoft
Intune","Common-azure-link":"Azure","Common-microsoftintune-link":"Microsoft Intune","Common_Enntvz-view-all-topics-link":"View All","Common-usergroups-link":"User Groups","Common-public-sector-link":"Public
Sector","Common_Enntvz-microsoft-security-link":"Microsoft Security","Common_Enntvz-outlook-link":"Outlook","Common_Enntvz-mvp-link":"Microsoft MVP Program","exchange":"Exchange","topics-link":"Topics","io-t":"Internet of Things (IoT)","Common-microsoft365-copilot-link":"Microsoft 365 Copilot","Common-microsoft-teams-link":"Microsoft Teams","s-m-b":"Nonprofit Community","Common_Enntvz-community-info-center-link":"Lounge","Common_Enntvz-microsoft365-copilot-link":"Microsoft 365 Copilot","Common_Enntvz-microsoftfor-nonprofits-link":"Nonprofit Community","Common_Enntvz-microsoft365-link":"Microsoft 365","Common-content_management-link":"Content Management","ms-learn-ext-teams":"Teams","s-q-l-server":"Content
Management","products-services":"Products","Common-community-news-desk-link":"Community News Desk","ms-learn-ext-LD":"Skilling Room Directory","Common-exchange-link":"Exchange","Common-gxcuf89792-link":"Tech
Community","windows":"Windows","public-sector":"Public Sector","Common_Enntvz-driving-adoption-link":"Driving
Adoption","Common-microsoftfor-nonprofits-link":"Nonprofit Community","ms-learn-ext-net":".NET","ms-learn-ext-dynamics":"Dynamics 365","a-i":"AI and Machine Learning","outlook":"Microsoft 365
Copilot"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1775111751358","value":{"hamburgerLabelOpen":"Open Side Menu","hamburgerLabelClose":"Close Side
Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1775111751358":
{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1775111751358","value":
{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo","linkAriaLabel":"Go to community home
page"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1775111751358":
{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1775111751358","value":
{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/search/SpotlightSearchIcon-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/search/SpotlightSearchIcon-1775111751358","value":{"search":"Search"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1775111751358","value":{"title.login":"Sign
In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign
In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1775111751358":
{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1775111751358","value":{"place":"Go back
to {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewStandard-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewStandard-1775111751358","value":
{"anonymous":"Anonymous","author":"{messageAuthorLogin}","authorBy":"{messageAuthorLogin}","board":"
{messageBoardTitle}","replyToUser":" to {parentAuthor}","showMoreReplies":"Show
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 36 of 38

More","replyText":"Reply","repliesText":"Replies","markedAsSolved":"Marked as Solution","messageStatus":"Status:
","statusChanged":"Status changed: {previousStatus} to {currentStatus}","statusAdded":"Status added:
{status}","statusRemoved":"Status removed: {status}","labelExpand":"expand replies","labelCollapse":"collapse
replies","unhelpfulReason.reason1":"Content is outdated","unhelpfulReason.reason2":"Article is missing
information","unhelpfulReason.reason3":"Content is for a different Product","unhelpfulReason.reason4":"Doesn't match
what I was searching for"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyCallToAction-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyCallToAction-1775111751358","value":{"leaveReply":"Leave a
reply...","leaveReply@board:BLOG@message:root":"Leave a
comment...","leaveReply@board:TKB@message:root":"Leave a
comment...","leaveReply@board:IDEA@message:root":"Leave a
comment...","leaveReply@board:OCCASION@message:root":"Leave a comment...","repliesTurnedOff.FORUM":"Replies
are turned off for this topic","repliesTurnedOff.BLOG":"Comments are turned off for this
topic","repliesTurnedOff.TKB":"Comments are turned off for this topic","repliesTurnedOff.IDEA":"Comments are turned
off for this topic","repliesTurnedOff.OCCASION":"Comments are turned off for this topic","infoText":"Stop poking
me!"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1775111751358","value":{"ariaLabelClosed":"Press the down arrow to open the
menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCoverImage-1775111751358":
{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCoverImage-1775111751358","value":
{"coverImageTitle":"Cover Image"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeTitle-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeTitle-1775111751358","value":{"nodeTitle":"{nodeTitle, select, community
{Community} other {{nodeTitle}}} "},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTimeToRead-1775111751358","value":{"minReadText":"{min} MIN
READ"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1775111751358":
{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1775111751358","value":
{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1775111751358","value":
{"authorName":"View Profile: {author}","anonymous":"Anonymous","ariaLabel.rank":"Rank:
{rankName}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserRank-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserRank-1775111751358","value":{"rankName":"{rankName}","userRank":"Author rank
{rankName}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1775111751358":
{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1775111751358","value":
{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last
posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected
time: {time}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1775111751358":
{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1775111751358","value":
{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message
{Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been
removed from the community.","videoProcessing":"Video is being processed. Please try again in a few
minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the
provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCustomFields-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCustomFields-1775111751358","value":{"CustomField.default.label":"Value of
{name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRevision-1775111751358":
{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRevision-1775111751358","value":
{"lastUpdatedDatePublished":"{publishCount, plural, one{Published} other{Updated}}
{date}","lastUpdatedDateDraft":"Created {date}","version":"Version {major}.
{minor}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1775111751358","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagList-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagList-1775111751358","value":{"showMoreFor":"Show more for {title}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyButton-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyButton-1775111751358","value":{"repliesCount":"
{count}","title":"Reply","title@board:BLOG@message:root":"Comment","title@board:TKB@message:root":"Comment","title@board:IDEA@message:
components/messages/MessageAuthorBio-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageAuthorBio-1775111751358","value":{"sendMessage":"Send
Message","actionMessage":"Follow this blog board to get notified when there's new activity","coAuthor":"CO-PUBLISHER","contributor":"CONTRIBUTOR","userProfile":"View Profile","iconlink":"Go to {name}
{type}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1775111751358":
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 37 of 38

{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1775111751358","value":
{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/ranks/UserRankLabel-1775111751358","value":{"altTitle":"Icon for {rankName}
rank"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserRegistrationDate-1775111751358":
{"__typename":"CachedAsset","id":"text:en_US-components/users/UserRegistrationDate-1775111751358","value":
{"noPrefix":"{date}","withPrefix":"Joined {date}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeAvatar-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeAvatar-1775111751358","value":{"altTitle":"Node avatar for
{nodeTitle}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeDescription-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeDescription-1775111751358","value":{"description":"{description}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1775111751358":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1775111751358","value":{"contentType":"Content Type {style, select, FORUM
{Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}}
icon"},"localOverride":false}}}},"page":"/blogs/BlogMessagePage/BlogMessagePage","query":{"boardId":"microsoft-entra-blog","messageSubject":"understanding-solorigates-identity-iocs---for-identity-vendors-and-their-custome","messageId":"2007610"},"buildId":"VXuOn2D5MfObWEiRanLQ9","runtimeConfig":
{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","surveysEnabled":true,"openTelemetry":
{"clientEnabled":false,"configName":"o365","serviceVersion":"26.1.0","universe":"prod","collector":"http://localhost:4318","logLevel":"error","routeCha
["components_community_Navbar_NavbarWidget","components_community_Breadcrumb_BreadcrumbWidget","components_customComponent_Custo
[{"id":"analytics","src":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/pagescripts/1751476272000/analytics.js?
page.id=BlogMessagePage&entity.id=board%3Amicrosoft-entra-blog&entity.id=message%3A2007610","strategy":"afterInteractive"}]}
Source: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/200761
0
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610
Page 38 of 38