This blog concentrates on ‘Azure AD Attack & Defense Playbook’ which I have written during the last 1,5 years with Thomas Naunheim & Joosua Santasalo. It has been an interesting journey where we all have learned a lot from research work but also from each other.


The initial idea for creating the ‘Azure AD Attack & Defense Playbook’ came from fellow MVP, Thomas Naunheim. Our first Teams call was somewhere in Autumn 2020 where Thomas presented the idea and I bought it immediately. The first chapter was about the ‘Password Spray’ attack where we focused heavily on the AAD Identity Protection detection mechanism to detect ‘password spray’ type of attacks.

Typically, one chapter has taken approximately 1-2 months of calendar time so it has been quite an effort to put all four (4) chapters & appendix together. During the last 1,5 years we have published the following chapters:

  • Password Spray Attacks
  • Consent Grant Attack
  • Service Principals in Azure DevOps (Release) Pipelines
  • Abuse of Azure AD Connect Sync Service Account
  • Identity Security Monitoring as appendix for all of the chapters

We have also been lucky to have @SantasaloJoosua also included as an author and also reviewer in this project in several chapters.

Playbook Introduction

The publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected. All of the included scenarios, insights, and comments are based on experiences from the contributors during their attack simulations, hands-on or real-world scenarios.

It should be considered a living document, which has to be updated as practices progress and changes in attack and defense techniques. We invite identity or security experts from the community to work together on this publication and contribute updates, feedback, comments, or further additions.



In all chapters, we follow the same guideline. You can expect to find:

  • Description of the common attack scenarios
  • Detection of the attacks
  • Mitigation for the attack and instructions how to enhance your environment security posture based on document scope

The following chapters in this blog contain a short description of each chapter you can find from the playbook.

Password Spray Attacks

“A password spray attack is where multiple usernames are attacked using common passwords in a unified brute force manner to gain unauthorized access.”

The chapter was initially created in November 2020 and updated in November 2021 to contain the latest security product updates from Microsoft Ignite 2021.

The chapter briefly describes the attack and tools used to simulate the password spray type of attack. In the detection part multiple Microsoft security solutions as used such as Microsoft Sentinel & Defender for Cloud apps.

Also, on the side notes, there are some considerations for the on-prem environment and ADFS as well if one is still in use.

Password Spray Attacks

Consent Grant Attack

“In an illicit consent grant attack, the attacker creates an Azure-registered application that requests access to data such as contact information, email, or documents. The attacker then tricks an end-user into granting that application consent to access their data either through a phishing attack or by injecting illicit code into a trusted website. After the illicit application has been granted consent, it has account-level access to data without the need for an organizational account.

Normal remediation steps, like resetting passwords for breached accounts or requiring Multi-Factor Authentication (MFA) on accounts, are not effective against this type of attack since these are third-party applications and are external to the organization. These attacks leverage an interaction model that presumes the entity that is calling the information is automation and not a human.”

The chapter contains an attack description and explanation of why it’s important to secure & monitor activities around the Azure AD Consent framework. In the detection chapter we used the following solutions:

  • O365 SSC & new Compliance portal (Unified Audit Log)
  • Azure AD portal (Audit logs, workbooks & application management)
  • PowerShell tools (Get-AzureADPSPermissions)
  • Combination of Get-AzureADPSPermissions export, Azure Log Analytics & some KQL magic
  • Microsoft Defender for Cloud Apps – App Governance
  • Microsoft Sentinel

Because the topic is huge and complicated the mitigation part contains instructions & details on how you can reduce the attack surface in your environment.

Consent Grant Attack

Service Principals in Azure DevOps (Release) Pipelines

In the following two attack scenarios, we’ve set our focus on privileged service principals as part of release pipelines in Azure DevOps (ADO) and the (potential) limited visibility in auditing.

  • Exfiltration of credentials or access token from Azure DevOps pipelines
  • Using service connections outside of intended pipeline

ADO is a huge topic and in this chapter, the scope is limited only to the scenarios mentioned above. The same path followed here:

  • Attack description for both scenarios in the scope
  • Detection of the attack
  • Mitigation for the attack

When we worked with this chapter we spent a lot of time on the detection technics which was a bit complicated because of the ADO audit log schema. Nevertheless, hard work pays off and we were able to achieve our defined target and detect attacks in Microsoft Sentinel.

The chapter contains deep-dive information on how to secure the Azure DevOps environment on the mitigation chapter.

Service Principals in Azure DevOps (Release) Pipelines

Abuse of Azure AD Connect Sync Service Account

In this paper we are mainly focusing on the following scenario:

  1. Attacking administrative account with directory role assignment to “Hybrid Identity Administrator” for managing Azure AD connect configurations
  2. Abusing of Azure AD user “On-Premises Directory Synchronization Service Account” which will be used to synchronize objects from Azure AD Connect (AADC) Server (AD on-premises) to Azure AD.

Out of scope are privilege escalation and attack paths from AADC server in direction to Active Directory (incl. abuse Azure AD DS connector account)

The latest chapter released on the 14th of March 2022 is all about abusing the Azure AD Connect sync service account. To be precise, the AAD Connect account is responsible for performing actions to the Azure AD side.

The topic and attack scenario was extremely interesting for research work and even though I’ve worked a lot with Azure AD Connect in the past I have to admit that I’ve learned a lot during the last two (2) month period. We did some interesting findings which we haven’t noticed earlier.

If you have read this far I encourage you to check out the KQL queries for Microsoft Sentinel which we created during our research work.

KQL queries

Abuse of Azure AD Connect Sync Service Account

A replay of Primary Refresh (PRT) and other issued tokens from an Azure AD joined device

Microsoft has introduced Windows 11 with the requirement to use a Trusted Platform Module (TPM) chip. This has greatly increased the capabilities to use Windows 11 OS security features including an extra layer of protection for cloud-based authentication scenarios. The Primary Refresh Token (PRT) and other relevant keys can be well protected by TPM in Windows 11 but also in Windows 10 and Windows Server versions from 2016 and above. Taking this into account in this paper we mainly focus on the following scenarios:

  • Attack scenario with PRT and easy mitigation options (enforce TPM and device compliance) to reduce the attack surface. This will also cover considerations and dependencies in security configuration and cooperation of components to prevent successful token replay attacks.
  • Detection capabilities of abusing access token after AuthN/AuthZ with cloud session anomalies by Microsoft Defender for Cloud Apps (MDA) and Microsoft Defender for Cloud (MDC).

What’s Next?

There is definitely more to come. We have been sparring about several topics which could be potential for the next chapter such as how Azure AD Identity Protection can protect Workload Identities or Phishing Attacks in general.

There is also a possibility to become part of the project and contribute if you would like to participate for our research work. More information in GitHub.


The Azure AD Attack & Defense Playbook

KQL queries