Who we are
Greyline Intelligence is an independent Microsoft 365 and identity-focused threat intelligence publication.
We track real-world attack tradecraft across Microsoft 365, Entra ID, OAuth abuse, AiTM phishing, session hijacking, and modern cloud intrusion patterns — and translate it into clear, actionable takeaways for security teams.
What you’ll get
Threat briefings that matter
Short, high-signal writeups on active attacker techniques and how they show up in real environments.
Detection & response guidance
Practical detection ideas for Defender XDR and Microsoft Sentinel, including KQL and investigation workflows.
Microsoft 365 hardening insights
Configuration-level recommendations that reduce real risk — Conditional Access, legacy auth exposure, risky OAuth apps, and more.
Who this is for
Greyline Intelligence is built for:
- SOC analysts & detection engineers
- Security admins managing Microsoft 365 / Entra
- Incident responders
- Security leaders who need clarity without the noise
Stay up to date
Subscribe to get new posts delivered straight to your inbox — no algorithms, no filler, just signal.