Education
Clearly this is for penetration testing, not for evil! So if you have to pentest Office 365 you might want to be attacking the authentication services. This will be aligned to the tenant you are testing, as always make sure you have authorisation.
Deploy to your favourite LINUX instance or WSL etc.
Read more “Password Spraying Office 365”
Defense
Only admins can use PowerShell, right? Wrong! In Office 365 and Azure AD standard users can connect using PowerShell.
In this quick post we are going to look at how to disable users from being able to read other users data using the MSOL cmdlets. (this also appears to limit AzureAD cmdlets access as well)
Run the following command as a global admin: Read more “Hardening Office 365 PowerShell Access”