Azure AD backdooring to get stealthy persistent access to all mailboxes msrc-blog.microsoft.com/2020… As explained last year by @_dirkjan dirkjanm.io/azure-ad-privile…

9:57 AM · Dec 14, 2020

Replying to @cnotin @_dirkjan
OAuth, SAML, and App registration with all service endpoints is like exposing SPN to everyone. You have many ways to identify, like MCAS, Identity Protection, etc. But it provides half of the solution, because you must block OAuth apps at the user level, including the app registration.
Replying to @cnotin @_dirkjan
@talthemaor this reminds me of something ^^