Showing Articles About
microsoft 365
-
Christian Philipov - 14 Apr 2026
It's Just a Matter of Time: Backdooring Conditional Access Policies
Conditional Access Policies are a core control in every modern Entra tenant to prevent access outside of expected access methods. A discovery was made on a little-known policy condition that would allow an administrator to define time-based restrictions on when a policy would be evaluated or not. In the event that a sufficiently privileged administrator user was compromised, this capability could allow threat actors to effectively "disable" policies while still seemingly being marked as enabled in the portal.
- Christian Philipov
- 3 Sep 2025
Staying Sneaky in the Office (365)
SharePoint APIs provide a default functionality which can be used to download files outside of trusted devices and IP addresses. Thus, bypassing assumptions regarding where sensitive documents can be accessed from and providing an avenue for an attacker to exfiltrate information