Unnoticed sidekick: Getting access to cloud as an on-prem admin

This post is part 5/5 of the Azure AD and Microsoft 365 kill chain blog series.

Although on-prem administrators don’t usually have admin rights to Azure AD, they can have access to crucial services, such as Azure AD Connect, ADFS, and Active Directory. Administrators of these services can easily get admin rights to Azure AD to manipulate and impersonate users.

In this blog, using AADInternals v0.4.0, I’ll show how to get Global Admin access and how to impersonate users as an on-prem administrator.

Wolf in sheep's clothing: Azure Active Directory reconnaissance as an insider

This post is part 3/5 of the Azure AD and Microsoft 365 kill chain blog series.

Azure AD and Office 365 are cloud services and most information is hidden from the members (or guests) of the tenant. However, there is plenty of information publicly available to anyone.

In this blog, using AADInternals v0.4.5, I’ll show how to gather information about any Azure AD tenant as an insider.

Quest for guest access: Azure Active Directory reconnaissance as a guest

This post is part 2/5 of the Azure AD and Microsoft 365 kill chain blog series.

When sharing SharePoint with people outside the organisation or inviting them to Teams, a corresponding guest account is created in Azure AD. Although the created guest account is not a pure insider, it has wide read-only access to the organisation’s Azure AD information.

In this blog, using AADInternals v0.4.0, I’ll show how to gather information from an Azure AD tenant as a guest user.

Just looking: Azure Active Directory reconnaissance as an outsider

This post is part 1/5 of the Azure AD and Microsoft 365 kill chain blog series.

Azure AD and Office 365 are cloud services and most information is available only to the members (or guests) of the tenant. However, there is plenty of information publicly available to anyone.

In this blog, using AADInternals v0.4.0, I’ll show how to gather information about any Azure AD tenant as an outsider.