Showing Posts About

• Calum Elrick Max Toper Leonidas Tsaousis
• 15 Oct 2025

Entra Connect Exploitation in 2025: An Overview

Entra Connect is the bridge between Microsoft's on-prem and cloud worlds, synchronising Active Directory and Entra ID identities. As such, it has traditionally served as a high-value target for threat actors. Conversely, continuous imrpovements by Microsoft have drastically changed the attack surface, leading to confusion about which exploitation techniques are still relevant and which aren't. This post will aim to clarify and document the Entra Connect exploitation landscape in 2025, and what defenders need to know to stay ahead.