Active Directory & Azure AD/Entra ID Security

Active Directory & Azure AD/Entra ID: Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Tag: Global Administrator

Aug 10 2025

Entra & Azure Elevated Access Revisited

By Sean Metcalf in Technical Reference

In early 2020, I published an article on how a Global Administrator could gain control of Azure resources, that no one would know about it, and how this access would persist even after removing them from Global Administrator. From that article: “While Azure leverages Azure Active Directory for some things, Azure AD roles don’t directly …

Azure, Azure AD, ElevatedAccess, ElevatedAccessLogging, Entra ID, Global Administrator

May 27 2020

From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path

By Sean Metcalf in Cloud Security, Microsoft Security, TheCloud

For most of 2019, I was digging into Office 365 and Azure AD and looking at features as part of the development of the new Trimarc Microsoft Cloud Security Assessment which focuses on improving customer Microsoft Office 365 and Azure AD security posture. As I went through each of them, I found one that was …

Access management for Azure resources, ActiveDirectory, Azure AD PIM, Azure Owner, Azure RBAC, Azure root, AzureAD, Company Administrator, Compromise Azure Domain Controller, Compromise Azure VM, Elevate Access, EnableAdminAccount, From Azure AD to Azure, Global Admin to Azure, Global Administrator, Global Administrator Elevate Access, MFA, Microsoft.Compute/virtualMachines/runCommand/, net localgroup, Office 365 Security, PIM, Privileged Identity Manager, Run PowerShell on Azure VM, runCommand, RunPowerShellScript, User Access Administrator, Virtual Machine Contributor

Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2025.

Made with by Graphene Themes.

Tag: Global Administrator

Entra & Azure Elevated Access Revisited

From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path

Recent Posts

Active Directory & Entra ID Security Services

Popular Posts

Categories

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright

Tag: Global Administrator

Entra & Azure Elevated Access Revisited

From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path

Recent Posts

Active Directory & Entra ID Security Services

Popular Posts

Categories

Tags

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright