Microsoft changed the location of ADSync encryption keys in Azure AD Connect version 1.4.x. These keys are used to encrypt and decrypt the passwords of “service accounts” used for syncing data from AD to Azure AD. Earlier versions saved the keys in the registry, but currently, it is using DPAPI. Thus, AADInternals couldn’t decrypt the passwords anymore. Luckily, Dirk-jan Mollema described in his great article how the encryption keys could be extracted and used to decrypt the passwords. Using Dirk-jan’s article as a starting point, I decided to implement this to AADInternals.
In my earlier blog, I explained how Azure AD identity federation works under-the-hood. In this post, I’ll be doing the same with Azure AD pass-through authentication (PTA).
Microsoft has published a PowerShell module for their partners to ease and automate operations with their customers. This module is (quite intuitively) called Partner Center. While the module does well what it’s meant to do, it also tells Microsoft what the partners are doing.
On October 25th, I’ll be talking at t2.fi infosec conference in Helsinki. In this blog, I’ll tell what to expect in my Abusing Azure Active Directory: Who would you like to be today? presentation.
In 2017, Oliver Morton introduced a feature he found in Office 365 Active Sync, allowing enumerating the existence of the users based on http status codes. (Update: The “feature” was fixed by Microsoft on mid November 2019). In this blog, I’ll introduce my similar findings on using Microsoft API to enumerate users when Seamless SSO is enabled in Azure AD tenant.
I was honoured to hear that I was accepted to present my AADInternals toolkit at the most respected information security event in the world: Black Hat USA 2019. This is clearly one of my greatest professional achievements so far! In this blog, I’ll briefly introduce what to expect in my demo at Black Hat Arsenal.
Identity federation is regarded as the most secure way to authenticate users to Azure AD. In this blog, I’ll deep-dive to identity federation implementation of Azure AD and point out some serious security issues.
Microsoft (finally!) announced in April 2019 the support for 8-256 character passwords in Azure AD/Office 365. This limit does not apply to users whose passwords are synced from the on-prem Active Directory (or for federated users). In this blog, I tell how to set insanely long passwords (64K+) also for cloud-only users!
On November 2018 Azure AD MFA was down over 12 hours preventing users from logging in to Office 365. Same happened in October 2019 in US data centers. As MFA is usually mandatory for administrators by company policy, they couldn’t log in either. In this blog, I’ll show how to create a backdoor to Azure AD so you can log in and bypass MFA.
For the last couple months I’ve used most of my free time on studying and hacking Azure AD admin APIs. As a result, I’m finally publishing the first (beta) version of the AADInternals PowerShell module.
By default, any user of Office 365 or Azure AD tenant can read the content of Azure AD using PowerShell and Graph API Explorer. This is a serious security issue because users have undetectable access to other users’ personal data, which violates for instance GDPR. In this blog, I’ll tell how to prevent the access.
Microsoft Teams has been available for free since July 2018. In this blog, I’ll deep dive to its technical details.
I’ve recently noticed that many organisations moving to Office 365 are struggling with their current on-premises non-routable UPNs. In this blog, I’ll show how to use Office 365 without altering on-premises UPNs.
In June 2018 the existence of secret Office 365 forensics tool was confirmed. The tool refers to Microsoft’s undocumented Exchange Online Activities API. The API provides access to a granular mail activity events for up to six months old data!
To provide administrators with easy access to the API, I created a PowerShell module (EXOMailActivity). In this blog, I’ll show you how to use the module to get access to mail activity data.
Office 365 groups is a great way to promote collaboration between people inside and outside organisations. By default, users are able to create groups freely, making their use easy. However, in many organisations, this has led to chaos.
In this blog, I show how you can get back the control of Office 365 groups, Teams and Planner.
Have you ever faced a situation, where a user takes a longer than 30-day leave, and you would like to save money spent on Office 365 licenses but still preserve user’s mailbox?
In this blog, I tell you how!
It still surprises me how few know that Office 365 includes a full-fledged email encryption solution, Office Message Encryption (OME). A “new OME”, built on top of Azure Information Protection, has been available for some time now. In this blog, I’ll tell you how to setup and customise the new OME.
In short, no it’s not. In this blog, I’ll tell you three reasons why.