Hybrid AD + Entra ID Security Update
Recent research presented at Black Hat USA 2025 revealed attacks targeting hybrid AD + Microsoft Entra ID environments: forged Kerberos tickets, Exchange hybrid certificate abuse, and Seamless SSO manipulation.
Current Status:
• Microsoft blocked some of the abuse paths (Aug 2025)
• Exchange/SharePoint impersonation still possible in some scenarios
• Hard matching in Microsoft Entra Connect now supported
Immediate Actions:
1. Audit Exchange hybrid activity for suspicious server-to-server (S2S) token usage
2. Monitor OnPremAuthenticationFlowPolicy changes
3. Apply all Entra ID, Exchange, and Entra Connect security updates
4. Enable hard matching; disable soft match
5. Enforce least privilege for directory sync accounts
6. Consider dedicated Exchange hybrid apps
7. Optional: disable Seamless SSO, or roll over the AZUREADSSOACC computer account password (its Kerberos decryption key)
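As an added example (not part of the original bulletin), the following PowerShell covers steps 4 and 7 above: it reads the tenant's directory synchronization feature flags, blocks soft matching if it is still allowed, and rolls over the Seamless SSO Kerberos decryption key. It assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in account holds the OnPremDirectorySynchronization.ReadWrite.All permission, and that the AzureADSSO module is at the default Microsoft Entra Connect install path.

```powershell
# --- Step 4: check the sync matching settings and block soft match ---
# Assumes: Microsoft.Graph PowerShell SDK installed.
Connect-MgGraph -Scopes "OnPremDirectorySynchronization.ReadWrite.All" -NoWelcome

$sync     = Get-MgDirectoryOnPremiseSynchronization
$features = $sync.Features

# Show the current state of the two matching-related controls.
"BlockSoftMatchEnabled: $($features.BlockSoftMatchEnabled)"
"BlockCloudObjectTakeoverThroughHardMatchEnabled: $($features.BlockCloudObjectTakeoverThroughHardMatchEnabled)"

if (-not $features.BlockSoftMatchEnabled) {
    # Weak setting: soft match (SMTP/UPN-based) is still allowed. Turn it off so that
    # only hard matching on the immutable source anchor can link objects.
    Update-MgDirectoryOnPremiseSynchronization `
        -OnPremisesDirectorySynchronizationId $sync.Id `
        -Features @{ blockSoftMatchEnabled = $true }
    "Soft matching is now blocked for tenant sync object $($sync.Id)."
} else {
    "Soft matching already blocked; no change made."
}

# --- Step 7: roll over the Seamless SSO Kerberos decryption key ---
# Assumes: run on the Entra Connect server; path below is the default install location.
$ssoModule = "C:\Program Files\Microsoft Azure Active Directory Connect\AzureADSSO.psd1"
Import-Module $ssoModule

# Prompts for a Hybrid Identity Administrator; then shows which forests have SSO enabled.
New-AzureADSSOAuthenticationContext
Get-AzureADSSOStatus

# On-premises Domain Admin credentials are needed to reset the AZUREADSSOACC account key.
$onPremCreds = Get-Credential -Message "On-prem Domain Admin for AZUREADSSOACC key rollover"
Update-AzureADSSOForest -OnPremCredentials $onPremCreds
```

Run the Seamless SSO portion only after confirming that no client still depends on the old key; Microsoft recommends repeating the rollover at least every 30 days.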