https://ioctl.lol/tags/azure/Recent content in Azure on ioctlHugoenioctlMon, 16 Mar 2026 00:00:00 +0000https://ioctl.lol/tools/azure-roles-digger/Mon, 16 Mar 2026 00:00:00 +0000https://ioctl.lol/tools/azure-roles-digger/<h2 id="the-problem">The problem</h2> <p>Azure permission auditing is a special kind of hell.</p> <p>You run <code>az role assignment list</code> and get back&hellip; direct assignments. That&rsquo;s it. No inherited roles from group nesting. No Entra ID directory roles. No PIM-eligible roles sitting there waiting to be activated. Nothing about what that service principal can <em>actually</em> do when you trace the full chain.</p> <p>So you&rsquo;re left clicking through 15 portal blades, running separate Graph queries, cross-referencing group memberships by hand, piecing it all together in a spreadsheet like it&rsquo;s 2005. And after 30 minutes you&rsquo;re still not sure you found everything.</p>https://ioctl.lol/tools/ua-mfa-bypass/Mon, 16 Mar 2026 00:00:00 +0000https://ioctl.lol/tools/ua-mfa-bypass/<h2 id="the-technique">The technique</h2> <p>Orgs love enforcing MFA via Conditional Access policies. Makes the compliance people happy, box gets checked, everyone goes home. Except then someone realizes their meeting room displays can&rsquo;t handle modern auth prompts. And the office printers need to talk to SharePoint. And legacy Outlook 2013 clients are still on half the floor.</p> <p>So they add exclusions. Lots of exclusions:</p> <ul> <li>Legacy mail clients (Outlook 2010, 2013)</li> <li>Meeting room devices (Teams Rooms, Surface Hub)</li> <li>IoT devices, printers, healthcare monitors</li> <li>Gaming consoles (yes, a PlayStation can authenticate to Entra ID)</li> </ul> <p>Here&rsquo;s the thing — when you hit the ROPC (Resource Owner Password Credential) flow, you authenticate with just username + password. No browser, no redirect, no MFA prompt. And the only thing telling Azure what &ldquo;device&rdquo; is connecting is the <strong>User-Agent header</strong>.</p>