In the recent investigations of compromised Microsoft 365 tenants I’ve been involved in, we have seen that one of the first actions the attacker makes is connecting to Azure-AD as the compromised user. This is most likely to exfiltrate information about the employees and all other accounts that are present in your Azure-AD. In several cases, I’ve […]
