Microsoft Azure Active Directory (Azure AD) is an identity and access management solution used by over 88 percent of Fortune 500 companies as of this publication. This market penetration makes Azure AD a lucrative target for threat actors. In the second half of 2021, Secureworks Counter Threat Unit (CTU) researchers analyzed Azure AD tenants and were able to extract open-source intelligence (OSINT) about organizations.
Threat actors frequently use OSINT to perform reconnaissance. CTU researchers identified several application programming interfaces (APIs) that access internal information of any organization that uses Azure AD. Collected details included licensing information, mailbox information, and directory synchronization status. Azure Active Directory Exposes Internal Information
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer