Multi-factor Authentication (MFA) and Conditional Access (CA) policies are powerful tools to protect Azure AD users’ identities. For instance, one may allow access only from compliant devices and require MFA from all users. However, because of the Azure AD authentication platform architecture, users can bypass home tenant MFA and CA policies when logging in directly to resource tenants.

This blog post tries to shed some light on how Azure AD authentication works under the hood. We’ll introduce the issue, describe how to exploit it, show how to detect exploitation, and finally, how to prevent the exploitation.

The blog is co-authored with and is based on his findings.

This story, like many others, began after a tweet:

I replied to Sravan and asked him to DM me if he’d like me to have a look at his case. Luckily, he did.

Azure AD

Azure Active Directory (Azure AD) is Microsoft’s Identity and Access Management (IAM) service used by Microsoft 365 and Azure, but also by thousands of third-party service providers.

An instance of Azure AD is called a tenant.