Who we are

Greyline Intelligence is an independent Microsoft 365 and identity-focused threat intelligence publication.

We track real-world attack tradecraft across Microsoft 365, Entra ID, OAuth abuse, AiTM phishing, session hijacking, and modern cloud intrusion patterns — and translate it into clear, actionable takeaways for security teams.

What you'll get

Threat briefings that matter
Short, high-signal write-ups on active attacker techniques and how they show up in real environments.

Detection & Response guidance
Practical detection ideas for Defender XDR and Microsoft Sentinel, including KQL and investigation workflows.

Microsoft 365 hardening insights
Configuration-level recommendations that reduce real risk — Conditional Access, legacy auth exposure, risky OAuth apps, and more.

Who this is for

  • SOC analysts & detection engineers
  • Security admins managing Microsoft 365/Entra
  • Incident responders
  • Security leaders who need clarity without the noise