Azure Security

Microsoft Azure security assessment and exploitation techniques including Entra ID (Azure AD) attacks, Azure resource exploitation, and cloud-native vulnerabilities.

Overview

Microsoft Azure is the second-largest cloud provider and deeply integrated with enterprise environments through Microsoft 365 and hybrid Active Directory deployments. Azure's identity platform (Entra ID, formerly Azure AD) is particularly important as it often bridges on-premises and cloud environments.

Azure Security Articles

Azure AD Attacks - Entra ID exploitation techniques

Azure Attack Surface

Identity

Entra ID (Azure AD) users, groups, applications
Service principals and managed identities
B2B/B2C guest accounts
Hybrid identity with AD Connect

Compute

Virtual Machines (with IMDS)
App Services (web apps, functions)
Azure Kubernetes Service (AKS)
Container Instances

Storage

Blob Storage (public access issues)
File Shares
Managed Disks
Storage Account keys

Network

Virtual Networks (VNets)
Network Security Groups (NSGs)
Azure Firewall
Private Endpoints

Common Azure Misconfigurations

Overly permissive RBAC - Contributor/Owner on subscription
Public blob storage - Containers with anonymous access
Exposed App Service - Missing authentication
Weak conditional access - Bypassable MFA policies
Service principal secrets - Long-lived credentials

Essential Tools

Tool	Purpose
ROADtools	Azure AD enumeration and exploitation
AzureHound	Azure attack path mapping
MicroBurst	Azure security assessment
PowerZure	Azure offensive toolkit
ScoutSuite	Multi-cloud security auditing

AWS Security - Amazon cloud attacks
Active Directory Attacks - Hybrid AD scenarios

Azure Security

On this page