Showing Articles About
entra connect
-
Calum Elrick Max Toper 
Leonidas Tsaousis - 15 Oct 2025
Entra Connect Exploitation in 2025: An Overview
Entra Connect is the bridge between Microsoft's on-prem and cloud worlds, synchronising Active Directory and Entra ID identities. As such, it has traditionally served as a high-value target for threat actors. Conversely, continuous imrpovements by Microsoft have drastically changed the attack surface, leading to confusion about which exploitation techniques are still relevant and which aren't. This post will aim to clarify and document the Entra Connect exploitation landscape in 2025, and what defenders need to know to stay ahead.