Microsoft Fixes Entra Conditional Access Bypass Abusing Nested App Authentication
6 min. read 
Published on
Microsoft has fixed a Microsoft Entra Conditional Access bypass that allowed certain Nested App Authentication flows to issue Microsoft Graph access tokens without proper policy enforcement, according to NetSPI.
The issue mattered because Conditional Access policies are one of the main defenses used by Microsoft 365 and Azure tenants. Admins use them to require multifactor authentication, compliant devices, trusted locations, and other access controls. Microsoft describes this model in its Conditional Access policy documentation.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
NetSPI said the bypass was not a simple remote attack. An attacker first needed to obtain an Azure Portal refresh token, most likely through phishing, adversary-in-the-middle activity, or access to the victim’s credentials and MFA material. After that, the attacker could abuse specific brokered authentication flows for a limited time.
How the Conditional Access Bypass Worked
The technique centered on Nested App Authentication, a Microsoft single sign-on framework that lets a host application broker authentication for a nested application. In normal use, this reduces repeated login prompts when users move between Microsoft 365 and Azure services.
In the vulnerable flow, the Azure Portal acted as the host application. NetSPI found that an Azure Portal refresh token could be brokered to the ADIbizaUX client to request a Microsoft Graph token without triggering the expected Conditional Access checks. The NetSPI disclosure says the same issue also affected two Microsoft Intune portal extension applications.
This stood out because Conditional Access should evaluate policy requirements when tokens are issued. Microsoft explains that policies combine assignments and access controls, and that all applicable requirements must be satisfied before access is granted in its Conditional Access policy guidance.
What Was Affected
The affected paths involved Microsoft first-party applications and Microsoft Graph access tokens. ADIbizaUX is used by the Azure Portal for identity and access management tasks, including users, groups, applications, directories, and Conditional Access policies.
The research builds on earlier work around token brokering and first-party Microsoft clients. Secureworks previously documented the Family of Client IDs research, while SpecterOps published a detailed offensive walkthrough of Nested App Authentication, also known by researchers as BroCI.
The important difference in this case was that Conditional Access enforcement failed for specific NAA-based flows. NetSPI said similar refresh operations using some FOCI-enabled clients, such as Microsoft Teams, were blocked correctly once a blocking policy applied.
| Area | Details | Status |
|---|---|---|
| Security control | Microsoft Entra Conditional Access | Patched by Microsoft |
| Authentication flow | Nested App Authentication using Azure Portal refresh tokens | Previously vulnerable in specific flows |
| Known affected clients | ADIbizaUX, Microsoft Intune for Education portal extension, Microsoft Intune portal extension | Retesting showed blocking errors after the fix |
| Attack requirement | Attacker needed an Azure Portal refresh token first | Requires prior compromise |
| Attack window | Azure Portal refresh token was limited to about 24 hours | Not indefinitely renewable in NetSPI’s testing |
Why This Matters for Microsoft 365 and Azure Tenants
Conditional Access is often treated as a last line of defense when credentials get stolen. That is why token-level bypasses can carry serious risk even when the attacker still needs an initial stolen token.
The issue also shows why cloud identity security depends on more than password protection. Attackers who obtain refresh tokens may be able to access services without repeatedly triggering interactive login challenges, especially when brokered authentication paths behave differently from standard OAuth flows.
Microsoft’s target resources documentation says Conditional Access policies apply to resources rather than public client applications. That detail matters when administrators review which services, admin portals, and backend resources their policies actually cover.
Microsoft Has Rolled Out a Fix
NetSPI reported the vulnerability to the Microsoft Security Response Center on March 17, 2026. Microsoft opened a case the next day, was later notified about additional affected applications, and acknowledged on June 8, 2026 that the issue had been fixed.
After Microsoft’s patch, NetSPI retested the affected flows and received Conditional Access blocking errors. That means the previously described NAA paths no longer returned Microsoft Graph access tokens when policy enforcement should block them.
The disclosure did not describe a long-term persistence method. NetSPI said the Azure Portal refresh token had a fixed one-day lifetime in its testing, and attempts to keep extending that token stopped working after 24 hours.
What Admins Should Do Now
Microsoft has already addressed the specific bypass, but Entra administrators should still treat stolen refresh tokens as a serious post-compromise risk. The safest response is to review sign-in activity, reduce token theft exposure, and make sure Conditional Access policies cover sensitive resources correctly.
- Review Entra sign-in logs for unusual Azure Portal, ADIbizaUX, and Intune portal activity.
- Check policies that protect Microsoft admin portals, Azure management services, and Microsoft Graph-related access.
- Use Microsoft’s target resources guidance to confirm what each policy protects.
- Revoke sessions for accounts suspected of token theft or adversary-in-the-middle phishing.
- Prioritize phishing-resistant MFA for administrators and other high-value users.
- Monitor for suspicious token use shortly after successful interactive sign-ins.
Research Builds on Earlier Token Abuse Work
The broader lesson is that Microsoft’s identity platform includes brokered flows designed to improve usability across Microsoft 365 and Azure. Those flows can still create complex security edge cases when attackers already have tokens.
Earlier Secureworks research showed how certain first-party Microsoft applications could share refresh token behavior across a family of client IDs. The later SpecterOps analysis explained how brokered NAA requests could help operators pivot between resources during security assessments.
NetSPI’s finding adds another warning for cloud defenders. Conditional Access remains a critical control, but administrators should not assume that every authentication edge case behaves exactly like a normal browser login.
FAQ
It was a flaw in specific Nested App Authentication flows that allowed certain Microsoft Graph access tokens to be issued without expected Conditional Access policy enforcement.
Yes. NetSPI said Microsoft deployed a fix, and retesting showed that the previously affected flows now return Conditional Access blocking errors when policies apply.
No. The attack required an Azure Portal refresh token first, so it depended on prior compromise such as phishing, adversary-in-the-middle activity, or access to credentials and MFA material.
Admins should review sign-in logs, check Conditional Access coverage for sensitive admin resources, revoke sessions for suspected compromised accounts, and prioritize phishing-resistant MFA for privileged users.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages