Deep dive into some interesting security properties of Azure AD multi-tenant applications

Intro The goal of this article is to dig deeper into some poorly documented and non-obvious security aspects of Azure Active Directory Applications, particularly regarding multi tenant applications. This is not a comprehensive guide about application and service principal security, but an overview of some security properties which I find non-obvious and of interest to attackers and defender. If you are not familiar with the basic concepts of Applications and Service principals in Azure AD, I suggest starting with the documentation....

12 min · soroganoth