In the cover story of the latest issue 04/2022 of iX magazine, Frank Ully, Head of Research, takes a closer look at the security of the Azure Active Directory identity service, which is a popular target for attackers.
The Azure Active Directory (AAD) controls access to Microsoft’s cloud services, such as Microsoft 365. In the first part of the cover story, Frank Ully first goes into the basics of the AAD and, among other things, draws a comparison with the classic Active Directory. In the process, it becomes clear that the default settings of the service are not designed for security, just as they are in local AD. The other two articles in the cover story follow on from this and address the following key questions: How do attackers exploit a lack of hardening and misconfigurations of the AAD? And what measures can administrators take against attacks on the AAD?
You can read the full articles (in German only) here.
You can find the complete online issue of iX 04/2022 here (available in German only).