{"id":46715,"date":"2022-05-19T00:00:00","date_gmt":"2022-05-19T00:00:00","guid":{"rendered":"urn:uuid:bebae2ea-fc3d-7be8-8ce9-240aabc51e79"},"modified":"2022-05-19T00:00:00","modified_gmt":"2022-05-19T00:00:00","slug":"detect-azure-ad-hybrid-cloud-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/","title":{"rendered":"Detect Azure AD Hybrid Cloud Vulnerabilities"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/e\/detect-azure-ad-hybrid-cloud-issues-with-trend-micro\/detect-azure-issues-tn.jpg\"> <body class=\"articlepage page basicpage context-business context-devops\" id=\"readabilityBody\" readability=\"49.490751166157\"> <!-- Page 
Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1503843204\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"8.2763157894737\">\n<div class=\"article-details\" role=\"heading\" readability=\"36.026315789474\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Workload Security<\/p>\n<p class=\"article-details__description\">AADInternals is a PowerShell module widely used by administrators for administering Azure Active Directory (AD) and Microsoft 365 &#8211; learn how to protect against their common vulnerabilities.<\/p>\n<p class=\"article-details__author-by\">By: Jiri Sykora, Sunil Bharti <time class=\"article-details__date\">May 19, 2022<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"43.035070140281\">\n<div readability=\"31.657982631931\">\n<p><span class=\"body-subhead-title\">What is AADInternals?<\/span><\/p>\n<p>AADInternals is a PowerShell module widely used by administrators for administering Azure Active Directory (AD) and Microsoft 365. As the name suggests, it deals with integration of Azure AD for on-prem and cloud services. 
More features can lead to more security issues, which might be leveraged by threat actors for malicious purposes like creating backdoor users, stealing passwords, and stealing encryption keys.<\/p>\n<p><span class=\"body-subhead-title\">AADInternals and Azure AD<\/span><\/p>\n<p>Many companies benefit from moving to the cloud, but still want to keep parts of their infrastructure on-premises to keep full control. This also includes Azure AD\u2014some services hosted in the cloud need it for proper functionality and\/or it can provide secure remote access to applications used by external users. This integration extends the possible attack surface and adds complexity to the entire deployment. This blog explores possible misuses of legitimate tools\u2014like AADInternals\u2014in hybrid-cloud environments and how to detect them using Trend Micro Cloud One\u2122 \u2013 Workload Security.<\/p>\n<p><b>Common misuses of AADInternals<\/b><\/p>\n<p>While AADInternals is a completely legitimate and handy tool, it can often be exploited by malicious actors if some specific actions and\/or commands are used. 
For instance, when you synchronize the identity data between the on-premises AD and Azure AD, the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/hybrid\/how-to-connect-sync-whatis\" target=\"_blank\" rel=\"noopener\"><i>Azure AD Connect<\/i><\/a> application is used on the on-premises AD, and an attacker who compromises this service can extract information from the targeted Azure AD tenant.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/e\/detect-azure-ad-hybrid-cloud-issues-with-trend-micro\/microsoft-img.png\" alt=\"microsoft\"><figcaption>Reference: https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/hybrid\/whatis-azure-ad-connect<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p>Once an attacker has a foothold on Azure AD Connect servers, they can perform a variety of operations, including:<\/p>\n<ol>\n<li>Dumping encryption keys<\/li>\n<li>Exfiltration of the Azure AD connector account password<\/li>\n<li>Creating a backdoor to Azure AD<\/li>\n<li>Updating Azure AD Connect credentials for Azure AD<\/li>\n<li>Creating users only in Azure AD<\/li>\n<\/ol><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/e\/detect-azure-ad-hybrid-cloud-issues-with-trend-micro\/addinternals-img.png\" alt=\"addinternals\"><figcaption>Figure: Extracting Azure AD Connect account password in clear text<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41.454918032787\">\n<div readability=\"29.262295081967\">\n<p><b>Detections for AADInternals:<\/b><\/p>\n<p>Now that we understand how these legitimate tools and services can be exploited, let\u2019s explore how to detect potential 
attacks using Workload Security and Trend Micro Vision One\u2122.<\/p>\n<p>Part of our <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/one-platform.html\">unified cybersecurity platform<\/a>, Trend Micro Cloud One\u2122 is a security services platform for DevOps teams composed of seven services. It integrates with Trend Micro Vision One, which leverages industry-leading XDR capabilities to collect, correlate, and display data from Trend Micro Cloud One in a straightforward dashboard. Think of Trend Micro Cloud One as the security camera, and Trend Micro Vision One as the app on your phone where you can see the video stream and any alerts.<\/p>\n<p>In this demo, we used Workload Security to detect potential vulnerabilities. Workload Security ensures your containers and datacenters are secured with automated scanning and customizable post-scan actions. Let\u2019s explore detections made by Workload Security:<\/p>\n<p><b>1. Log Inspection<\/b><\/p>\n<p>Through this module we can tap into PowerShell activity events on the host. Upon the execution of AADInternals commands, an analyst can monitor these commands with <b>1010002 &#8211; Microsoft PowerShell Command Execution (ATT&amp;CK T1059.001)<\/b>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/e\/detect-azure-ad-hybrid-cloud-issues-with-trend-micro\/log-inspection-img.png\" alt=\"log-inspection\"><figcaption>Figure: Log Inspection detection<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"46.5\">\n<div readability=\"38\">\n<p><b>2. Activity Monitoring<\/b><\/p>\n<p>The module can detect process, file, AMSI and network activities on endpoints running Workload Security. In this case, we will examine the AMSI activity since there is no network or file activity in this scenario. 
The Activity Monitoring module looks for some of these objects:<\/p>\n<p>a. SQL Client connector object: System.Data.SqlClient.SqlConnection<br \/>b. Registry key to fetch &#8216;AD Sync&#8217; details from: &#8216;HKLM:SOFTWARE\\Microsoft\\AD Sync&#8217;<br \/>c. DLL file used by AD Sync tool: &#8216;mcrypt.dll&#8217;<\/p>\n<p><span class=\"body-subhead-title\">Tying it all together with Trend Micro Vision One<\/span><\/p>\n<p>Trend Micro Vision One takes all the detections from Workload Security and correlates them to provide comprehensive visibility across all data in one console. Let\u2019s dive into what you can see (pun intended) with Trend Micro Vision One:<\/p>\n<p><b>1. Search App<\/b><\/p>\n<p>To hunt down potential use of AADInternals in the environment, analysts can use queries such as:<\/p>\n<p>a. eventSubId:&quot;901&quot; AND processName:powershell AND objectRawDataStr:&quot;AADInternals&quot;<br \/>b. eventSubId:&quot;901&quot; AND processName:powershell AND objectRawDataStr:&quot;ADSyncSyncCycle&quot;<br \/>c. eventSubId:&quot;901&quot; AND processName:powershell AND objectRawDataStr:&quot;Get-AADIntSyncCredentials&quot;<\/p>\n<p><b>2. Observed Attack Techniques (OAT)<\/b><\/p>\n<p>OATs are generated from individual events that provide security value. To investigate the possible use of AADInternals tools, analysts can look for these OAT IDs, derived from many other OAT triggers, that indicate suspicious activities on the affected host.<\/p>\n<p>a. PowerShell ADSync detected<br \/>b. Identified AADInternal Suite Commands To Access Azure AD Credentials<br \/>c. 
Identified Credential Operation Using Azure AD Internals Tool<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/e\/detect-azure-ad-hybrid-cloud-issues-with-trend-micro\/powershell-img.png\" alt=\"powershell\"><figcaption>Figure: Event from PowerShell ADSync detected<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/e\/detect-azure-ad-hybrid-cloud-issues-with-trend-micro\/identified-credential-img.png\" alt=\"identified-credentials\"><figcaption>Figure: Event from Identified Credential Operation Using AADInternals Tool<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/e\/detect-azure-ad-hybrid-cloud-issues-with-trend-micro\/identified-credential2-img.png\" alt=\"identified-credentials2\"><figcaption>Figure: Event from Identified AADInternal Suite Commands To Access Azure AD Credentials<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"32.5\">\n<div readability=\"10\">\n<p><span class=\"body-subhead-title\">Workbench<\/span><\/p>\n<p>The Trend Micro Vision One Workbench app helps analysts see significant correlated events based on occurrences throughout the entire fleet of workloads. 
The left side of the diagram shows the summarized sequence of events, where analysts can view the different fields of interest that are considered important, and the right side lets them dive deeper into the scope of the attack.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/e\/detect-azure-ad-hybrid-cloud-issues-with-trend-micro\/workbench-img.png\" alt=\"workbench\"> <\/figure>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/devops\/22\/e\/detect-azure-ad-hybrid-cloud-vulnerabilities.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AADInternals is a PowerShell module widely used by administrators for administering Azure Active Directory (AD) and Microsoft 365 &#8211; learn how to protect against their common vulnerabilities. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":46716,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9503,9502,9530,9501,9571,9500],"class_list":["post-46715","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-devops-article","tag-trend-micro-devops-azure","tag-trend-micro-devops-best-practices","tag-trend-micro-devops-cloud-native","tag-trend-micro-devops-how-to","tag-trend-micro-devops-workload-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Detect Azure AD Hybrid Cloud Vulnerabilities 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Detect Azure AD Hybrid Cloud Vulnerabilities 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-19T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/e\/detect-azure-ad-hybrid-cloud-issues-with-trend-micro\/detect-azure-issues-tn.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Detect Azure AD Hybrid Cloud 
Vulnerabilities\",\"datePublished\":\"2022-05-19T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/\"},\"wordCount\":862,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/detect-azure-ad-hybrid-cloud-vulnerabilities.png\",\"keywords\":[\"Trend Micro DevOps : Article\",\"Trend Micro DevOps : Azure\",\"Trend Micro DevOps : Best Practices\",\"Trend Micro DevOps : Cloud Native\",\"Trend Micro DevOps : How To\",\"Trend Micro DevOps : Workload Security\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/\",\"name\":\"Detect Azure AD Hybrid Cloud Vulnerabilities 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/detect-azure-ad-hybrid-cloud-vulnerabilities.png\",\"datePublished\":\"2022-05-19T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/detect-azure-ad-hybrid-cloud-vulnerabilities.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/detect-azure-ad-hybrid-cloud-vulnerabilities.png\",\"width\":333,\"height\":242},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/detect-azure-ad-hybrid-cloud-vulnerabilities\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro DevOps : Article\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-devops-article\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Detect Azure AD Hybrid Cloud Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - 
Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Detect Azure AD Hybrid Cloud Vulnerabilities 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Detect Azure AD Hybrid Cloud Vulnerabilities 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-05-19T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/22\/e\/detect-azure-ad-hybrid-cloud-issues-with-trend-micro\/detect-azure-issues-tn.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Detect Azure AD Hybrid Cloud Vulnerabilities","datePublished":"2022-05-19T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/"},"wordCount":862,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/detect-azure-ad-hybrid-cloud-vulnerabilities.png","keywords":["Trend Micro DevOps : Article","Trend Micro DevOps : Azure","Trend Micro DevOps : Best Practices","Trend Micro DevOps : Cloud Native","Trend Micro DevOps : How To","Trend Micro DevOps : Workload Security"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/","url":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/","name":"Detect Azure AD Hybrid Cloud Vulnerabilities 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/detect-azure-ad-hybrid-cloud-vulnerabilities.png","datePublished":"2022-05-19T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/detect-azure-ad-hybrid-cloud-vulnerabilities.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/detect-azure-ad-hybrid-cloud-vulnerabilities.png","width":333,"height":242},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/detect-azure-ad-hybrid-cloud-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro DevOps : Article","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-devops-article\/"},{"@type":"ListItem","position":3,"name":"Detect Azure AD Hybrid Cloud Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity 
News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH 
Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46715","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46715"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46715\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/46716"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46715"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46715"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}