[ronbenton]

Bypassing logging feels relatively unimportant compared to some of the recent EntraID vulns we’ve seen

[ares623]

It takes a village of exploits to raise a successful and undetected attack.

[BoredPositron]

Microsoft standpoint is probably: If it's undetected was there really an attack?

[12_throw_away]

I dunno. It seems kinda bad that core auth log - which should be a primary source of truth during, say, a security audit - seems to work on a best-effort basis?