Abusing Azure Active Directory: From MFA Bypass to Listing Global Administrators
This talk demonstrates multiple techniques for abusing Azure Active Directory (Azure AD) configurations, specifically focusing on MFA bypass via cross-tenant trust settings and unauthorized enumeration of tenant administrators. The researchers highlight how misconfigured cross-tenant access settings allow attackers to bypass MFA requirements by authenticating against a resource tenant that trusts the home tenant's authentication. Additionally, the presentation reveals how specific API endpoints can be exploited to list tenant members and administrators, even when such information is not exposed via the standard portal interface. The talk introduces the AADInternals toolkit to automate these discovery and exploitation techniques.
Bypassing Azure AD MFA via Cross-Tenant Trust Misconfigurations
TLDR: Researchers at Black Hat 2023 demonstrated that default cross-tenant access settings in Azure AD can be abused to bypass MFA requirements. By authenticating as a guest in a resource tenant that trusts the home tenant's authentication, attackers can effectively neutralize MFA protections. This research also highlights how specific, undocumented API endpoints allow for the unauthorized enumeration of global administrators, providing a clear path for privilege escalation and reconnaissance.
Azure Active Directory, now Microsoft Entra ID, is the backbone of identity for the vast majority of the enterprise world. When you are performing an engagement, you are almost certainly going to run into it. Most security teams treat MFA as a silver bullet, assuming that if they have enabled it, they are protected against credential theft. This research proves that assumption is dangerous. The core issue isn't a flaw in the MFA protocol itself, but in the trust boundaries that organizations inadvertently create when they configure cross-tenant access.
The Mechanics of the MFA Bypass
The vulnerability stems from how Azure AD handles authentication across different tenants. When a user from a home tenant is invited as a guest to a resource tenant, the resource tenant often relies on the home tenant to verify the user's identity. If the resource tenant is configured to trust the home tenant's MFA claims, the resource tenant will accept the user's authentication without triggering its own MFA prompt.
This creates a massive blind spot. If an attacker compromises a user's credentials in a home tenant that has weak or no MFA, they can pivot to any resource tenant that trusts that home tenant. The attacker does not need to bypass the MFA of the resource tenant because the resource tenant effectively offloads that responsibility to the home tenant.
During the presentation, the researchers demonstrated this flow by logging into a B2C tenant. Because B2C tenants often have different security requirements and are frequently misconfigured, they serve as an ideal entry point. Once the attacker is authenticated in the B2C tenant, they can use the Microsoft Graph API or other internal endpoints to pivot into the target organization's environment.
Enumerating Administrators via Undocumented APIs
Beyond the MFA bypass, the research uncovered a significant information disclosure vulnerability. The standard Azure portal hides sensitive information, but the underlying APIs are often much more permissive. The researchers identified specific API endpoints that return a list of tenant administrators, including their email addresses, even when the user is an unprivileged guest.
For a pentester, this is gold. You no longer need to guess who the admins are or rely on slow, noisy brute-force attempts. You can query these endpoints to build a precise target list for social engineering or targeted password spraying. The researchers released a toolkit called AADInternals that automates this enumeration. If you are doing cloud assessments, this tool is now mandatory.
To see what an attacker can pull, you can look at how the API responds to requests for access package administrators. Even if you are an outsider, the API may return a list of users who have administrative rights over specific packages or catalogs.
# Example of enumerating access package admins using AADInternals
Get-AADIntAccessPackageAdmins -TenantId <TargetTenantID>
Real-World Impact and Engagement Strategy
On a typical red team engagement, your first goal is to gain a foothold. If you find a target organization that uses Azure AD, check their cross-tenant settings. If they have "Trust MFA from home tenant" enabled, you have a direct path to bypass their MFA.
The impact is severe. You are essentially moving from a compromised low-privilege account to an authenticated session in a target environment without ever having to solve a second factor. Once you are in, you can use the enumeration techniques to identify high-value targets. If you find a Global Administrator, you have effectively won the engagement.
Defensive Hardening
Defenders need to stop treating cross-tenant trust as a "set it and forget it" configuration. You must audit your Cross-tenant access settings in the Entra admin center. Specifically, review your inbound trust settings. Do not trust MFA claims from external tenants unless you have a strict, verified business relationship with them.
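The trust mechanics described under "The Mechanics of the MFA Bypass" and the inbound-trust audit recommended here, as an added example that is not part of the talk or of AADInternals. It works on the JSON shape returned by the Microsoft Graph crossTenantAccessPolicy default and partner objects; the policy documents and tenant IDs below are constructed samples, and the Graph call itself is left out so the check runs offline.

```python
# Added example (not from the talk or AADInternals): audit which partner tenants
# a resource tenant accepts MFA claims from, using the shape of the Microsoft
# Graph crossTenantAccessPolicy objects. All JSON below is constructed.
import json

# Constructed sample of GET /policies/crossTenantAccessPolicy/default
DEFAULT_POLICY = json.loads("""{
  "inboundTrust": {"isMfaAccepted": true, "isCompliantDeviceAccepted": false,
                   "isHybridAzureADJoinedDeviceAccepted": false}
}""")

# Constructed sample of GET /policies/crossTenantAccessPolicy/partners.
# A null inboundTrust on a partner means "inherit the tenant default".
PARTNERS = json.loads("""[
  {"tenantId": "11111111-aaaa-4bbb-8ccc-000000000001", "inboundTrust": null},
  {"tenantId": "22222222-aaaa-4bbb-8ccc-000000000002",
   "inboundTrust": {"isMfaAccepted": false, "isCompliantDeviceAccepted": false,
                    "isHybridAzureADJoinedDeviceAccepted": false}},
  {"tenantId": "33333333-aaaa-4bbb-8ccc-000000000003",
   "inboundTrust": {"isMfaAccepted": true, "isCompliantDeviceAccepted": true,
                    "isHybridAzureADJoinedDeviceAccepted": false}}
]""")

def effective_inbound_trust(partner, default_policy):
    """Inbound trust that applies to a partner: its own setting when present,
    otherwise the tenant default (the inheritance that audits tend to miss)."""
    trust = partner.get("inboundTrust")
    return trust if trust is not None else default_policy["inboundTrust"]

def mfa_trusting_partners(partners, default_policy):
    """Return (tenantId, source) for every partner whose MFA claim the resource
    tenant accepts instead of running its own prompt. source is 'partner' for an
    explicit override and 'default' when the trust is inherited."""
    findings = []
    for p in partners:
        if effective_inbound_trust(p, default_policy).get("isMfaAccepted"):
            source = "default" if p.get("inboundTrust") is None else "partner"
            findings.append((p["tenantId"], source))
    return findings

def resource_tenant_prompts_for_mfa(partner, default_policy, home_tenant_did_mfa):
    """Model of the bypass: the resource tenant skips its own MFA prompt only when
    it trusts the home tenant's MFA claim AND the home tenant asserted MFA. The
    strength of that MFA, and who registered the methods, is decided entirely
    by the home tenant, which the resource tenant does not control."""
    trust = effective_inbound_trust(partner, default_policy)
    return not (trust.get("isMfaAccepted") and home_tenant_did_mfa)
```

In a real audit, replace the constructed documents with the responses from the two Graph endpoints named in the comments and treat every `default`-sourced finding as a partner that silently inherited the trust.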
Furthermore, implement Conditional Access policies that explicitly require MFA for all users, regardless of their guest status or the trust level of their home tenant. Do not let the resource tenant offload security decisions to an external entity you do not control.
Security researchers often focus on finding new exploits, but this research serves as a reminder that the most effective attacks often exploit the default "convenience" features built into cloud platforms. If you are testing an environment, look for where the platform tries to make things easier for the user, because that is almost always where the security controls are weakest. Stop assuming your cloud provider has secured your trust boundaries for you. Audit them, lock them down, and assume that every guest account is a potential vector for a full tenant compromise.