Mapping IDs and Monitoring User Presence in the Azure Ecosystem

Learn about critical security vulnerabilities in Microsoft Azure's ecosystem through this DEF CON 31 conference presentation that reveals techniques for large-scale user information gathering from OneDrive, Teams, and Graph without authentication. Discover silent enumeration methods that bypass logging systems, enabling massive-scale reconnaissance against major corporations, educational institutions, and government entities. Explore findings from an 18-month study involving over 20 million users, including Azure adoption rates and username format analysis. Gain insights into Teams' information disclosure vulnerabilities through default presence settings, and learn an undocumented trick for unauthenticated presence monitoring, demonstrated through tracking approximately 100,000 Microsoft employees. Examine methods for identifying Azure Guest users and uncovering hidden corporate relationships through cross-tenant collaboration features.