writeups.xyz / Tampering with Conditional Access Policies Using Azure AD Graph API

Submitter : c2a

Date: 23 May 2023

Bounty : undisclosed

Vulnerabilities :

• Cloud
• Privilege Escalation

Programs :

• Microsoft (Azure)

Authors :

• Secureworks Counter Threat Unit (@Secureworks)

Link :
https://www.secureworks.com/research/tampering-with-conditional-access-policies-using-azure-ad-graph-api