Seamless Single Sign-on for all (including bad guys)
9:00 AM - 9:45 AM

Azure Active Directory Seamless Single Sign-on enables users to use their active directory credentials to easily and seamlessly access cloud resources. While there are pen-testing tools (AADInternals, ROADRecon) available for abuse of this feature, there have not been strong and reliable ways to detect the abuse of this feature. In this session, Microsoft IR will share analysis results from recent investigations where abuse of AzureADSSO was abused in the wild. We will share ways to interpret a variety of authentication related signals to determine if abuse of AzureADSSO may be occurring and how to properly protect against this abuse.