2025-09-05, Track 1
This talk reveals a silent but critical misconfiguration in Microsoft Enterprise Enrollment that allows any authenticated user to export sensitive enterprise user data, including emails, job roles, and contact info, without elevated permissions. We'll uncover how this overlooked flaw can lead to data breaches and share best practices for securely configuring Azure to prevent similar risks.
In today's complex enterprise environments, securing sensitive user data is a top priority. However, many organizations unknowingly expose themselves to data breaches due to misconfigured or overlooked systems. One such risk exists in Microsoft Enterprise Enrollment, Intune, and Entra, which, by default, expose sensitive user information.
In this talk, I will explore how a misconfiguration in Microsoft Enterprise Enrollment, Entra, and Intune allows any authenticated user to export all user details, including email addresses, job titles, and contact information, into an unprotected Excel file. This "silent" data breach poses significant security risks and often goes unnoticed due to its subtle nature.
The goal of this session is to raise awareness of this default data exposure and its potential impact. We will examine how this flaw can be exploited, the types of sensitive data at risk, and best practices for securing enterprise systems. This talk is intended for security professionals, system administrators, and anyone responsible for managing or securing enterprise environments.
Jeffrey is a Vice President of Cybersecurity Assessment specializing in Offensive Security, with over a decade of experience in Penetration Testing, Vulnerability Management, Cyber Threat Intelligence, and Security Operations. He has led and delivered security assessments for businesses, enterprises, and government agencies, identifying and mitigating critical vulnerabilities across networks, Active Directory, web applications, APIs, wireless networks, and mobile platforms (iOS & Android).
As a recognized expert, Jeffrey actively participates in bug bounty programs and has been acknowledged by top organizations, including Apple, Oracle, Toyota, and Morgan Stanley. His research has contributed to the discovery of multiple vulnerabilities, earning him four CVE IDs.
In May 2024, he presented at the Black Hat Arsenal in Singapore, showcasing an API scanning tool designed to enhance security and detect vulnerabilities in API applications.
Upcoming Talks for 2025:
https://www.rootcon.org/html/rc19/speakers#offlineisnewluxury
https://www.bsides.sydney/