We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Backdooring and Hijacking Azure AD Accounts by Abusing External Identities
"Learn how attackers can backdoor and hijack Azure AD accounts by abusing external identities, exploiting Convert Account to B2B feature, bypassing MFA, and more, and discover essential security measures to prevent account compromise and elevate access."
- Any external user with an invite can potentially get full control of the Azure AD account and become a global admin if given the right permissions.
- Attackers can exploit the “Convert Account to B2B” feature to elevate a regular user to a global admin, even when the MFA is enabled.
- With MFA bypass, attackers can control an account without needing to know its password or MFA information, compromising account security.
- Users with sufficient permissions can link an attacker account to an existing account, granting elevated access and control.
- Guest invites are a security risk if they have privileges similar to those of existing users.
- It’s essential to remove or limit guest invites from tenants and restrict access to invites from unknown or unverified email addresses.
- Enabling MFA across all apps, not selectively, can help prevent some account compromise scenarios.
- It is important to review and lock down tenant settings, especially guest invitation rights and access settings.
- External Identities, including personal or Microsoft accounts, can be linked to create elevated access.
- Attackers can utilize alternative security IDs to link different identities and gain access to controlled resources.