Oops, I can read your Conditional Access Policies without being an admin.

This session will look at some of the caveats with AAD Graph API. My research found that if you have a token for these APIs, you have pretty much unhindered access for reading and exporting anything that uses AAD Graph.

This includes reading Conditional Access Policies as an end user.

The session will go through how this is possible and how to do it, and will demo the toolkit I created for exporting all of this data as an end user.

Viktor Hedberg

Senior Technical Architect @ Truesec AB

Värnamo, Sweden

