Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
Android Bytes (powered by Esper)
Android Bytes (powered by Esper) is the podcast that dives deep into the engineering and business decisions behind the world’s most popular OS. https://www.esper.io
Android powers over 3 billion devices worldwide and is the platform of choice for over a thousand companies. You’ll find Android on smartphones, tablets, watches, TV, cars, kiosks, and so much more. How does Google architect Android to run on so many form factors, and how do companies fork AOSP to make it run on even more devices? These are the kinds of questions the Android Bytes podcast considers each week.
Join cohosts Mishaal Rahman and David Ruddock, two journalists with extensive knowledge covering the Android OS platform and ecosystem, as they speak to system architects, kernel engineers, app developers, and other distinguished experts in the Android space.
Get in touch with us at Esper.io if you’re looking to use Android for your product — we have the experience you need.
Risky Business #742 -- China bans AMD and Intel, pivots to Linux on the desktop
On this week’s show Patrick and Adam discuss the week’s security news, including: FVEY protests China’s widespread hacking of western politicians China bans western CPUs, Windows and databases Apple’s leaky M-chip prefetcher Nigeria holds ex-IRS investigator hostage in Binance stoush Researchers bring Rowhammer to AMD Zen and DDR5 And much, much more. This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says. Show notes Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov Parliament network breached in China-led cyberattack, Judith Collins reveals China blocks use of Intel and AMD chips in government computers Announcement of Safety and Reliability Evaluation Results (No. 1, 2023) Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica How Ukraine is using mobile phones on 6ft poles to stop drones Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop US penalizes Russian fintech firms that helped others evade sanctions UN probing 58 alleged crypto heists by North Korea worth $3 billion Detained execs, a bold escape, and tax evasion charges: Nigeria takes aim at Binance The DOJ Puts Apple's iMessage Encryption in the Antitrust Crosshairs | WIRED Mark Zuckerberg told Facebook execs to 'figure out' how to track encrypted usage on rival apps like Snap and YouTube, unsealed documents show ‘Far-reaching’ hack stole information from Python developers ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms One Man’s Army of Streaming Bots Reveals a Whole Industry’s Problem Apex Legends hacker said he hacked tournament games ‘for fun’ | TechCrunch
Risky Biz Soap Box: Why Azure vulns should get CVEs
In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.
Risky Biz Soap Box: Why Azure vulns should get CVEs
In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.
Risky Business #741 -- The Mintlify breach and modern supply chains
On this week’s show Patrick and Adam discuss the week’s security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia’s powershell, solving living off the land, And much, much more This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft. Show notes Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim Incident report on March 13, 2024 - Mintlify Loop DoS: New Denial-of-Service attack targets application-layer protocols State of IP Spoofing Pharmaceutical development company investigating cyberattack after LockBit posting Exclusive: After LockBit’s takedown, its purported leader vows to hack on Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters Elon Musk’s SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ Russians will no longer be able to access Microsoft cloud services, business intelligence tools Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News Researchers spot updated version of malware that hit Viasat | CyberScoop Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US) PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA US is still chasing down pieces of Chinese hacking operation, NSA official says 875 workers rescued in Tarlac POGO raid | Philippine News Agency Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica Mike Lindell must pay a Nevada man after election data dispute - The Washington Post
Risky Business #741 -- The Mintlify breach and modern supply chains
On this week’s show Patrick and Adam discuss the week’s security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia’s powershell, solving living off the land, And much, much more This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft. Show notes Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim Incident report on March 13, 2024 - Mintlify Loop DoS: New Denial-of-Service attack targets application-layer protocols State of IP Spoofing Pharmaceutical development company investigating cyberattack after LockBit posting Exclusive: After LockBit’s takedown, its purported leader vows to hack on Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters Elon Musk’s SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ Russians will no longer be able to access Microsoft cloud services, business intelligence tools Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News Researchers spot updated version of malware that hit Viasat | CyberScoop Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US) PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA US is still chasing down pieces of Chinese hacking operation, NSA official says 875 workers rescued in Tarlac POGO raid | Philippine News Agency Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica Mike Lindell must pay a Nevada man after election data dispute - The Washington Post
Risky Business #740 -- Midnight Blizzard's Microsoft hack isn't over
On this week’s show Patrick and Adam discuss the week’s security news, including: Weather forecast in Redmond is still for blizzards at midnight Maybe Change Healthcare wasn’t just crying nation-state wolf Hackers abuse e-prescription systems to sell drugs CISA goes above and beyond to relate to its constituency by getting its Ivantis owned VMware drinks from the Tianfu Cup Much, much more This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director. John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing. Rad founder Jimmy Mesta will along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple that really, really isn’t. Show notes Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head Swindled Blackcat affiliate wants money from Change Healthcare ransom - Blog | Menlo Security BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security Change Healthcare systems expected to come back online in mid-March | Cybersecurity Dive LockBit takes credit for February shutdown of South African pension fund Ransomware gang claims to have made $3.4 million after attacking children’s hospital Jason D. Clinton on X: "Fully automated vulnerability research is changing the cybersecurity landscape Claude 3 Opus is capable of reading source code and identifying complex security vulnerabilities used by APTs. But scaling is still a challenge. Demo: https://t.co/UfLNGdkLp8 This is beginner-level… https://t.co/mMQb2vYln1" / X Jason Koebler on X: "Hackers are hacking doctors, then using their digital prescription portals to "legitimately" prescribe themselves & their customers adderall, oxy, and other prescription drugs https://t.co/6elTKQnXSB" / X How Hackers Dox Doctors to Order Mountains of Oxy and Adderall CISA forced to take two systems offline last month after Ivanti compromise VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica A Close Up Look at the Consumer Data Broker Radaris – Krebs on Security Brief of Amici Curiae Former Government Officials Securities and Exchange Commission v Solarwinds Corp
Risky Business #740 -- Midnight Blizzard's Microsoft hack isn't over
On this week’s show Patrick and Adam discuss the week’s security news, including: Weather forecast in Redmond is still for blizzards at midnight Maybe Change Healthcare wasn’t just crying nation-state wolf Hackers abuse e-prescription systems to sell drugs CISA goes above and beyond to relate to its constituency by getting its Ivantis owned VMware drinks from the Tianfu Cup Much, much more This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director. John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing. Rad founder Jimmy Mesta will along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple that really, really isn’t. Show notes Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head Swindled Blackcat affiliate wants money from Change Healthcare ransom - Blog | Menlo Security BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security Change Healthcare systems expected to come back online in mid-March | Cybersecurity Dive LockBit takes credit for February shutdown of South African pension fund Ransomware gang claims to have made $3.4 million after attacking children’s hospital Jason D. Clinton on X: "Fully automated vulnerability research is changing the cybersecurity landscape Claude 3 Opus is capable of reading source code and identifying complex security vulnerabilities used by APTs. But scaling is still a challenge. Demo: https://t.co/UfLNGdkLp8 This is beginner-level… https://t.co/mMQb2vYln1" / X Jason Koebler on X: "Hackers are hacking doctors, then using their digital prescription portals to "legitimately" prescribe themselves & their customers adderall, oxy, and other prescription drugs https://t.co/6elTKQnXSB" / X How Hackers Dox Doctors to Order Mountains of Oxy and Adderall CISA forced to take two systems offline last month after Ivanti compromise VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica A Close Up Look at the Consumer Data Broker Radaris – Krebs on Security Brief of Amici Curiae Former Government Officials Securities and Exchange Commission v Solarwinds Corp
Risky Business #739 -- ALPHV exit scams while Change Healthcare burns
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response Predator spyware maker getting a stern sanctioning A German military WebEx meeting gets snooped Mem-corrpution is still king And much, much more In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP. Show notes U.S. Air Force employee charged with giving classified information to woman he met on dating site Ransomware attack on U.S. health care payment processor ‘most serious incident of its kind’ AlphV’s hit on Change Healthcare strikes a sour note for defenders | Cybersecurity Dive Office of Public Affairs | Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1) Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED Ciaran Martin on X: "“We have to find a way of making a ransom ban work” - me for @thetimes US launches antitrust investigation into UnitedHealth, WSJ reports | Reuters Brett Callow on X: "#Lockbit has de-listed Fulton County. Predator spyware endures even after widespread exposure, analysis shows | CyberScoop Predator spyware infrastructure taken down after exposure | CyberScoop U.S. bans maker of spyware that targeted a senator's phone Spyware maker NSO Group ordered to turn over Pegasus code in WhatsApp case Whatsapp Inc vs NSO Group Russia’s chief propagandist leaks intercepted German military Webex conversation The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly | Cybersecurity Dive How to Secure the SaaS Apps of the Future | Okta Security
Risky Business #739 -- ALPHV exit scams while Change Healthcare burns
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response Predator spyware maker getting a stern sanctioning A German military WebEx meeting gets snooped Mem-corrpution is still king And much, much more In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP. Show notes U.S. Air Force employee charged with giving classified information to woman he met on dating site Ransomware attack on U.S. health care payment processor ‘most serious incident of its kind’ AlphV’s hit on Change Healthcare strikes a sour note for defenders | Cybersecurity Dive Office of Public Affairs | Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1) Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED Ciaran Martin on X: "“We have to find a way of making a ransom ban work” - me for @thetimes US launches antitrust investigation into UnitedHealth, WSJ reports | Reuters Brett Callow on X: "#Lockbit has de-listed Fulton County. Predator spyware endures even after widespread exposure, analysis shows | CyberScoop Predator spyware infrastructure taken down after exposure | CyberScoop U.S. bans maker of spyware that targeted a senator's phone Spyware maker NSO Group ordered to turn over Pegasus code in WhatsApp case Whatsapp Inc vs NSO Group Russia’s chief propagandist leaks intercepted German military Webex conversation The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly | Cybersecurity Dive How to Secure the SaaS Apps of the Future | Okta Security
Risky Business #738 -- LockBit is down but not out. Yet.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit gets back up after takedown Russia arrests Medibank hacker… for something else ConnectWise gives out free updates, but customers aren’t happy Microsoft gives in to demands for more logs Sandvine gets entity-listed And much much more. Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan. In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code. Show notes LockBit group revives operations after takedown | Cybersecurity Dive Lockbit ransomware group administrative staff have released a lengthy response to the FBI and bystanders FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security Russia detains hacker behind Australia’s Medibank attack Russia arrests three alleged SugarLocker ransomware members Change Healthcare incident drags on as report pins it on ransomware group Ransomware Groups Are Bouncing Back Faster From Law Enforcement Busts ‘Alarming’ cyberattack hits Canada’s federal police, criminal investigation launched ConnectWise ScreenConnect faces new attacks involving LockBit ransomware | Cybersecurity Dive Microsoft rolls out expanded logging six months after Chinese breach | CyberScoop Sandvine added to US Entity List Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections FACT SHEET: ONCD Report Calls for Adoption of Memory Safe Programming Languages and Addressing the Hard Research Problem of Software Measurability Risky Biz News: Backdoor code found in Tornado Cash House China committee demands Elon Musk open SpaceX Starshield internet to U.S. troops in Taiwan The UK Is GPS-Tagging Thousands of Migrants | WIRED How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED New Biden order would stem flow of Americans’ sensitive data to China - The Washington Post
Risky Business #738 -- LockBit is down but not out. Yet.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit gets back up after takedown Russia arrests Medibank hacker… for something else ConnectWise gives out free updates, but customers aren’t happy Microsoft gives in to demands for more logs Sandvine gets entity-listed And much much more. Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan. In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code. Show notes LockBit group revives operations after takedown | Cybersecurity Dive Lockbit ransomware group administrative staff have released a lengthy response to the FBI and bystanders FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. – Krebs on Security Russia detains hacker behind Australia’s Medibank attack Russia arrests three alleged SugarLocker ransomware members Change Healthcare incident drags on as report pins it on ransomware group Ransomware Groups Are Bouncing Back Faster From Law Enforcement Busts ‘Alarming’ cyberattack hits Canada’s federal police, criminal investigation launched ConnectWise ScreenConnect faces new attacks involving LockBit ransomware | Cybersecurity Dive Microsoft rolls out expanded logging six months after Chinese breach | CyberScoop Sandvine added to US Entity List Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections FACT SHEET: ONCD Report Calls for Adoption of Memory Safe Programming Languages and Addressing the Hard Research Problem of Software Measurability Risky Biz News: Backdoor code found in Tornado Cash House China committee demands Elon Musk open SpaceX Starshield internet to U.S. troops in Taiwan The UK Is GPS-Tagging Thousands of Migrants | WIRED How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED New Biden order would stem flow of Americans’ sensitive data to China - The Washington Post
Risky Business #737 -- LockBit gets absolutely rekt
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit has been taken down by law enforcement Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON GRU gets its Moobot network shutdown Signal adding usernames is… complicated Much, much more In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so. Show notes Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates – Krebs on Security Law enforcement disrupt world’s biggest ransomware operation Shanghai Anxun’s information is unreliable and is a trap for national government agencies. China spy agency renews foreign cyber intelligence warning after data breaches US Justice Department says it disrupted Russian intelligence hacking network | Reuters Several Ukrainian media outlets attacked by Russian hackers Polish PM says previous ruling party used Pegasus spyware against ‘very long’ list of victims Hackers are targeting Asian bank accounts using stolen facial recognition data Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private | WIRED Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529 “the "AB" trigger has similar vibes to the Unreal IRCd and ProFTPD backdoors of the same timeframe.” FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING CVSS 10 RCE in Screen Connect National Security Agency Announces Retirement of Cybersecurity Director Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard
Risky Business #737 -- LockBit gets absolutely rekt
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit has been taken down by law enforcement Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON GRU gets its Moobot network shutdown Signal adding usernames is… complicated Much, much more In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so. Show notes Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates – Krebs on Security Law enforcement disrupt world’s biggest ransomware operation Shanghai Anxun’s information is unreliable and is a trap for national government agencies. China spy agency renews foreign cyber intelligence warning after data breaches US Justice Department says it disrupted Russian intelligence hacking network | Reuters Several Ukrainian media outlets attacked by Russian hackers Polish PM says previous ruling party used Pegasus spyware against ‘very long’ list of victims Hackers are targeting Asian bank accounts using stolen facial recognition data Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private | WIRED Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529 “the "AB" trigger has similar vibes to the Unreal IRCd and ProFTPD backdoors of the same timeframe.” FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING CVSS 10 RCE in Screen Connect National Security Agency Announces Retirement of Cybersecurity Director Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard
Soap Box: A deep dive on how Russia's SVR is hacking Microsoft 365 tenants
The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia’s SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you’re an o365 customer you’re using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.
Soap Box: A deep dive on how Russia's SVR is hacking Microsoft 365 tenants
The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia’s SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you’re an o365 customer you’re using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.