Deep-dive to Azure Active Directory Identity Federation

Identity federation is regarded as the most secure way to authenticate users to Azure AD. In this blog, I’ll deep-dive into the identity federation implementation of Azure AD and point out some serious security issues.

How to create over 256 character long passwords for cloud-only users

Microsoft (finally!) announced in April 2019 the support for 8-256 character passwords in Azure AD/Office 365. This limit does not apply to users whose passwords are synced from the on-prem Active Directory (or to federated users). In this blog, I’ll show how to set insanely long passwords (64K+) for cloud-only users as well!

How to create a backdoor to Azure AD

This Monday, Azure AD MFA was down for over 12 hours, preventing users from logging in to Office 365. As MFA is usually mandatory for administrators by company policy, they couldn’t log in either. In this blog, I’ll show how to create a backdoor to Azure AD so you can log in and bypass MFA.

AADInternals published!

For the last couple of months I’ve used most of my free time on studying and hacking Azure AD admin APIs. As a result, I’m finally publishing the first (beta) version of the AADInternals PowerShell module.

Block user access to Azure AD PowerShell and Graph API Explorer

By default, any user of an Office 365 or Azure AD tenant can read the content of Azure AD using PowerShell and Graph API Explorer. This is a serious security issue because users have undetectable access to other users’ personal data, which violates, for instance, GDPR. In this blog, I’ll explain how to prevent this access.

Chasing the Unicorn: PowerShell module for 'The Secret Office 365 Forensics Tool'

In June 2018 the existence of a secret Office 365 forensics tool was confirmed. The tool refers to Microsoft’s undocumented Exchange Online Activities API. The API provides access to granular mail activity events for data up to six months old!

To provide administrators with easy access to the API, I created a PowerShell module (EXOMailActivity). In this blog, I’ll show you how to use the module to get access to mail activity data.