How to create a backdoor to Azure AD - part 1: Identity federation

How to create a backdoor to Azure AD - part 1: Identity federation

On November 2018 Azure AD MFA was down over 12 hours preventing users from logging in to Office 365. Same happened in October 2019 in US data centers. As MFA is usually mandatory for administrators by company policy, they couldn’t log in either. In this blog, I’ll show how to create a backdoor to Azure AD so you can log in and bypass MFA.

AAD Internals

AADInternals published!

AADInternals published!

For the last couple months I’ve used most of my free time on studying and hacking Azure AD admin APIs. As a result, I’m finally publishing the first (beta) version of the AADInternals PowerShell module.

Block user access to Azure AD PowerShell and Graph API Explorer

Block user access to Azure AD PowerShell and Graph API Explorer

By default, any user of Office 365 or Azure AD tenant can read the content of Azure AD using PowerShell and Graph API Explorer. This is a serious security issue because users have undetectable access to other users’ personal data, which violates for instance GDPR. In this blog, I’ll tell how to prevent the access.

Azure AD PowerShell module installation got easier

Azure AD PowerShell module installation got easier

Azure AD PowerShell module was earlier installed by a standard .msi package. Now you can install it using one PowerShell command. However, installation requires PowerShell 5 or newer.