Azure AD is used by Microsoft Office 365 and over 2900 third-party apps. Although Azure AD is commonly regarded as secure, there are known security issues regarding to identity federation, pass-through authentication, and seamless single-sign-on.

In this session, using AADInternals toolkit, I will demonstrate how to create backdoors, impersonate users, and bypass MFA. Methods for detecting rogue behaviour are also introduced.

The purpose of this session is to raise awareness of the information security, the importance of the principle of least privilege, and the crucial role of on-prem security to cloud security.