NetSPI found that Microsoft Entra Conditional Access Policies could be bypassed by abusing Nested App Authentication (NAA/BroCI) to mint Microsoft Graph access tokens from an Azure Portal refresh token. Microsoft classified the issue as medium severity, patched it, and retesting confirmed the bypass no longer worked. #MicrosoftEntra #NestedAppAuthentication #MicrosoftGraph #MSRC
Keypoints
- NetSPI discovered a way to bypass Microsoft Entra Conditional Access Policies by abusing Nested App Authentication.
- The bypass allowed access token issuance for Microsoft Graph without Conditional Access being applied in certain flows.
- The issue was mainly useful as a persistence mechanism and required an initial Azure Portal refresh token, typically obtainable through phishing or stolen credentials/MFA material.
- The ADIbizaUX client was especially valuable because it had broad pre-consented Microsoft Graph permissions and supported read/write actions.
- By contrast, a comparable FOCI-based refresh token flow was blocked by Conditional Access as expected.
- Microsoft Security Response Center received the report, classified it as medium severity, and later deployed a fix.
- Post-patch retesting showed the same NAA-based token requests were blocked by Conditional Access policies.
MITRE Techniques
- [T1566] Phishing – The attacker would need to obtain the Azure Portal refresh token first, which the article says could require phishing or credential theft ('an attacker would need to carry out a phishing attack').
- [T1528] Steal Application Access Token – The technique involved acquiring refresh tokens and using them to mint access tokens for other applications ('a refresh token can be leveraged to perform NAA flows', 'return an access token for the ADIbizaUx application').
- [T1550.001] Use Alternate Authentication Material: Application Access Token – The NAA/BroCI flow reused a refresh token to obtain access tokens for a different client and resource ('the host application silently exchanges its cached refresh token for a new access token').
- [T1078] Valid Accounts – Access depended on compromised valid Azure Portal credentials/refresh token material ('have access to the victims' credentials and MFA material').
- [T1098] Account Manipulation – The research used activation of the Helpdesk Administrator role as the test action, since Conditional Access blocks it when the policy is applied ('activating this role triggers the Conditional Access block').
Indicators of Compromise
- [Application IDs] brokered OAuth client identifiers used in token requests – c44b4083-3bb0-49c1-b47d-974e53cbdf3c (Azure Portal, the host application), 74658136-14ec-4630-ad9b-26e160ff0fc6 (ADIbizaUX, the nested application)
- [OAuth endpoints] token issuance and refresh endpoint – login.microsoftonline.com, /common/oauth2/token
- [Resources] accessed Microsoft APIs – https://graph.microsoft.com/, https://management.core.windows.net/
- [Redirect URI patterns] brokered redirect format used in NAA – brk-c44b4083-3bb0-49c1-b47d-974e53cbdf3c://engagehub.portal.azure.com, brk-multihub://
- [Client/tool names] tooling used during testing – roadtx, Selenium
- [Client names] affected or tested applications – Azure Portal, Microsoft Teams, ADIbizaUX
- [Error codes] authentication blocks observed after patch or under policy – AADSTS53003 (access blocked by Conditional Access policies), AADSTS700084 (refresh token issued to a single-page app has a fixed, limited lifetime and cannot be extended)
- [File/variable names] automation artifact and token storage name – GraphRefreshToken, .roadtools_auth
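The identifiers above are what a defender would pivot on in Entra sign-in logs: a Microsoft Graph token issued to the ADIbizaUX client with Conditional Access reported as not applied, for a user whose other sign-ins in the same window were blocked by policy, is the shape of the pre-patch bypass. The block below is an added example written for this summary; it is not NetSPI's, roadtx's or Microsoft's code. It hunts over constructed sign-in records (field names follow the Microsoft Graph `signIn` resource; every value is invented) and also classifies a token-endpoint response the way a post-patch retest would, mapping AADSTS53003 and AADSTS700084 to outcomes.

```python
"""Hunt for NAA/BroCI-minted Microsoft Graph tokens in Entra sign-in logs.

Added example for this summary, not code from the original research.
The sign-in records are constructed; field names follow the Microsoft Graph
`signIn` resource (appId, appDisplayName, resourceDisplayName,
conditionalAccessStatus, status.errorCode), all values are invented.
"""
import json
from collections import defaultdict

# Identifiers listed in the write-up.
AZURE_PORTAL_APP_ID = "c44b4083-3bb0-49c1-b47d-974e53cbdf3c"   # host app
ADIBIZAUX_APP_ID = "74658136-14ec-4630-ad9b-26e160ff0fc6"      # nested app
GRAPH_RESOURCE = "Microsoft Graph"
AADSTS_BLOCKED_BY_CA = 53003     # AADSTS53003: blocked by Conditional Access
AADSTS_SPA_RT_EXPIRED = 700084   # AADSTS700084: SPA refresh token lifetime exceeded

# Constructed JSON-lines export of sign-in events (not real telemetry).
SAMPLE_SIGNIN_LINES = [
    json.dumps({"userPrincipalName": "alice@contoso.example",
                "appId": AZURE_PORTAL_APP_ID, "appDisplayName": "Azure Portal",
                "resourceDisplayName": "Windows Azure Service Management API",
                "conditionalAccessStatus": "failure",
                "status": {"errorCode": AADSTS_BLOCKED_BY_CA}}),
    json.dumps({"userPrincipalName": "alice@contoso.example",
                "appId": ADIBIZAUX_APP_ID, "appDisplayName": "ADIbizaUX",
                "resourceDisplayName": GRAPH_RESOURCE,
                "conditionalAccessStatus": "notApplied",
                "status": {"errorCode": 0}}),
    json.dumps({"userPrincipalName": "bob@contoso.example",
                "appId": ADIBIZAUX_APP_ID, "appDisplayName": "ADIbizaUX",
                "resourceDisplayName": GRAPH_RESOURCE,
                "conditionalAccessStatus": "failure",
                "status": {"errorCode": AADSTS_BLOCKED_BY_CA}}),
    json.dumps({"userPrincipalName": "carol@contoso.example",
                "appId": ADIBIZAUX_APP_ID, "appDisplayName": "ADIbizaUX",
                "resourceDisplayName": GRAPH_RESOURCE,
                "conditionalAccessStatus": "notApplied",
                "status": {"errorCode": 0}}),
]


def parse_signins(lines):
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in lines if line.strip()]


def find_naa_gaps(records):
    """Return {upn: severity} for users who obtained a Graph token via the
    ADIbizaUX client with Conditional Access not applied.

    Severity is "high" when the same user also has a sign-in blocked by
    Conditional Access (AADSTS53003) in the same record set, which is the
    pre-patch bypass pattern; otherwise "medium" (worth review, policy may
    simply not be scoped to that user).
    """
    blocked_users = set()
    naa_graph_users = defaultdict(int)
    for rec in records:
        upn = rec["userPrincipalName"]
        if rec.get("status", {}).get("errorCode") == AADSTS_BLOCKED_BY_CA:
            blocked_users.add(upn)
        if (rec["appId"] == ADIBIZAUX_APP_ID
                and rec["resourceDisplayName"] == GRAPH_RESOURCE
                and rec["conditionalAccessStatus"] == "notApplied"):
            naa_graph_users[upn] += 1
    return {upn: ("high" if upn in blocked_users else "medium")
            for upn in naa_graph_users}


def classify_token_response(body):
    """Classify a /common/oauth2/token JSON response body from an NAA refresh
    request, as a post-patch retest would. Error bodies carry `error_codes`
    as a list of integers."""
    if "access_token" in body:
        return "token_issued"
    codes = body.get("error_codes") or []
    if AADSTS_BLOCKED_BY_CA in codes:
        return "blocked_by_conditional_access"
    if AADSTS_SPA_RT_EXPIRED in codes:
        return "spa_refresh_token_expired"
    return "other_error"


if __name__ == "__main__":
    for upn, sev in sorted(find_naa_gaps(parse_signins(SAMPLE_SIGNIN_LINES)).items()):
        print(f"{sev:6} {upn}: Graph token via ADIbizaUX with CA not applied")
    print(classify_token_response({"error": "interaction_required",
                                   "error_codes": [AADSTS_BLOCKED_BY_CA]}))
```

Only the ADIbizaUX-to-Graph pattern with `conditionalAccessStatus == "notApplied"` is flagged; a `failure` on that client (bob) is the patched behaviour and a `success` means policy applied and passed. The high/medium split keeps the hunt useful after the fix, since "notApplied" on its own usually means the user or app is outside policy scope rather than bypassing it.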