
Azure / Entra ID Pentest

Misconfigurations, identity risks and privilege paths in your Microsoft cloud

€175 per hour · CCV certified

An in-depth whitebox investigation of your Azure and Entra ID environment. We analyse RBAC configurations, conditional access policies, privileged identity management, service principal permissions and attack paths towards tenant admin.

What is an Azure / Entra ID Assessment?

An Azure / Entra ID Assessment is an in-depth whitebox investigation of your Microsoft cloud. We analyse your configuration, architecture and identity management to help you protect your environment optimally and make it more robust.

Azure and Entra ID form an essential part of your IT infrastructure. The complexity of features like RBAC, conditional access and PIM makes their setup error-prone. Through our extensive experience as pentesters, we know well what the most common misconfigurations are and how they impact your security.

What do we investigate?

  • Entra ID configuration - conditional access, MFA settings, legacy authentication and password policies.
  • Privileged Access - Global Admin accounts, PIM configuration (standing vs. just-in-time) and break-glass accounts.
  • RBAC & permissions - excessive role assignments, custom roles and rights structures.
  • App registrations & service principals - application vs. delegated permissions and secret management.
  • Attack paths - concrete routes from a regular user to Global Admin.
  • Azure resources - storage accounts, NSG rules, Key Vaults and managed identities.

Why should you get an Azure / Entra ID Assessment?

Microsoft offers strong security features, but it is unwise to run a cloud environment as-is (with only default settings). This introduces unnecessary vulnerabilities. The cloud landscape is complex, evolves quickly and the number of configuration options is enormous. We help you get a grip on it. Think for example of common risks such as:

  • Gaps in Conditional Access - legacy authentication is open or insufficient MFA coverage.
  • Excessive rights - users or service principals with unnecessary Global Admin rights.
  • Forgotten app registrations - old test apps with broad API permissions still active.
  • No PIM - permanent admin rights instead of just-in-time activation.

These kinds of mistakes can lead to a full tenant takeover, data exfiltration from SharePoint/Teams, or lateral movement to your on-premises network via Azure AD Connect. We map this clearly for you.
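The four risks listed above can all be checked from a read-only export of the tenant. As an added example that is not part of this page and not the provider's own tooling, the Python script below runs those checks over a constructed tenant export: standing (non-PIM) Global Administrator assignments, a legacy-authentication block that exists only in report-only mode, users outside the MFA policy's scope, and an idle app registration that still holds broad app-only permissions. The data shapes, principal and app names, the 90-day idle threshold and the set of permissions treated as "broad" are assumptions made for the example; only the Global Administrator role template ID is the well-known Entra ID value.

```python
"""Hypothetical read-only hardening checks for the four common risks listed
above. The data structures are constructed for this example and only loosely
follow the shape of Microsoft Graph objects; nothing here is the service
provider's own tooling."""
from datetime import date

# Well-known Entra ID role template ID for Global Administrator.
GLOBAL_ADMIN_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"
# Conditional Access client app types that represent legacy authentication.
LEGACY_CLIENT_APPS = {"exchangeActiveSync", "other"}
# App-only (application) permissions treated as broad in this example (assumption).
BROAD_APP_PERMISSIONS = {"Directory.ReadWrite.All", "Mail.ReadWrite", "Application.ReadWrite.All"}
# Reference date for the constructed sample (assumption).
TODAY = date(2024, 6, 1)


def standing_global_admins(role_assignments):
    """Principals holding Global Administrator permanently rather than as a
    PIM-eligible (just-in-time) assignment."""
    return sorted(
        ra["principal"] for ra in role_assignments
        if ra["roleTemplateId"] == GLOBAL_ADMIN_TEMPLATE_ID
        and ra.get("assignmentType") != "eligible"
    )


def legacy_auth_blocked(ca_policies):
    """True only if an enforced policy blocks every legacy client app type
    for all users; a report-only policy does not count as a block."""
    return any(
        p["state"] == "enabled" and p["conditions"]["users"] == "All"
        and LEGACY_CLIENT_APPS <= set(p["conditions"]["clientAppTypes"])
        and "block" in p["grantControls"]
        for p in ca_policies
    )


def mfa_gaps(ca_policies, users):
    """Users not covered by any enforced policy requiring MFA for all apps."""
    covered = set()
    for p in ca_policies:
        if p["state"] != "enabled" or "mfa" not in p["grantControls"]:
            continue
        if p["conditions"]["apps"] != "All":
            continue
        scope = p["conditions"]["users"]
        covered |= set(users) if scope == "All" else set(scope)
    return sorted(set(users) - covered)


def stale_broad_apps(apps, today, max_idle_days=90):
    """App registrations with broad app-only permissions and no sign-in
    within max_idle_days (or no recorded sign-in at all)."""
    findings = []
    for app in apps:
        broad = BROAD_APP_PERMISSIONS & set(app["applicationPermissions"])
        last = app.get("lastSignIn")
        idle = last is None or (today - last).days > max_idle_days
        if broad and idle:
            findings.append((app["displayName"], sorted(broad)))
    return findings


# Constructed sample tenant export (not real data).
SAMPLE_TENANT = {
    "users": ["alice", "bob", "carol"],
    "roleAssignments": [
        {"principal": "alice", "roleTemplateId": GLOBAL_ADMIN_TEMPLATE_ID,
         "assignmentType": "eligible"},  # activated via PIM: acceptable
        {"principal": "bob", "roleTemplateId": GLOBAL_ADMIN_TEMPLATE_ID,
         "assignmentType": "permanent"},  # standing Global Admin
        {"principal": "svc-old-backup", "roleTemplateId": GLOBAL_ADMIN_TEMPLATE_ID,
         "assignmentType": "permanent"},  # service principal with standing GA
    ],
    "caPolicies": [
        {"displayName": "MFA pilot", "state": "enabled",
         "conditions": {"users": ["alice", "bob"], "apps": "All",
                        "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"]},
         "grantControls": ["mfa"]},
        {"displayName": "Block legacy auth", "state": "enabledForReportingButNotEnforced",
         "conditions": {"users": "All", "apps": "All",
                        "clientAppTypes": ["exchangeActiveSync", "other"]},
         "grantControls": ["block"]},
    ],
    "apps": [
        {"displayName": "hr-sync-test", "applicationPermissions": ["Directory.ReadWrite.All"],
         "lastSignIn": date(2024, 1, 10)},  # old test app, idle, broad rights
        {"displayName": "prod-mailer", "applicationPermissions": ["Mail.ReadWrite"],
         "lastSignIn": date(2024, 5, 30)},  # broad rights but actively used
    ],
}


def audit(tenant, today=TODAY):
    """Run all checks and return the findings as a list of strings."""
    findings = []
    for p in standing_global_admins(tenant["roleAssignments"]):
        findings.append(f"No PIM: {p} holds Global Administrator permanently")
    if not legacy_auth_blocked(tenant["caPolicies"]):
        findings.append("Conditional Access: legacy authentication is not blocked")
    for u in mfa_gaps(tenant["caPolicies"], tenant["users"]):
        findings.append(f"Conditional Access: {u} is not required to use MFA")
    for name, perms in stale_broad_apps(tenant["apps"], today):
        findings.append(f"Forgotten app: {name} is idle but holds {', '.join(perms)}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_TENANT):
        print(line)
```

On the constructed tenant the audit reports five findings: two standing Global Administrators (one of them a service principal), the legacy-authentication policy that is only in report-only mode, one user outside the MFA pilot's scope, and the idle test app still holding Directory.ReadWrite.All. The report-only case is the one most often missed by a quick look at the portal: the policy exists, but it enforces nothing.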

Our approach

  • Tenant inventory - inventory of all identities, groups, roles and apps.
  • Configuration review - analysis of conditional access, MFA, policies and security defaults.
  • Permission analysis - review of RBAC assignments, app permissions and OAuth consent grants.
  • Attack path mapping - identification of attack paths towards Global Admin (using AzureHound and ROADtools, among others).
  • Azure resource review - review of storage, networks and compute resources.
  • Reporting - a report with risk classification, visualised attack paths and directly applicable hardening steps. No vague theory, but concrete solutions.

Questions after the report? As your security partner we are happy to stay involved after delivery to help you actually resolve and retest the vulnerabilities.

What does an Azure / Entra ID Assessment cost?

Our hourly rate is €175 per hour. The final scope depends on factors such as the size of your tenant, the complexity (multi-tenant, B2B/B2C, hybrid AD) and whether, in addition to Entra ID, you also want to include Azure resources.

Methodology

1. Tenant Inventory - mapping all identities, roles and applications in the tenant.
2. Configuration Review - analysis of conditional access, MFA policies and privileged roles.
3. Attack Path Analysis - identifying attack paths towards Global Admin via misconfigurations.
4. Reporting - report with risk ranking, attack paths and concrete hardening steps.

Frequently asked questions

What is the difference between an Azure pentest and an Entra ID Assessment?

An Azure pentest focuses on actively exploiting vulnerabilities in Azure resources. An Entra ID Assessment is a whitebox configuration review of identity and access management. We often combine the two - that gives the most complete picture.

Do you need Global Admin rights?

No. We work with a read-only account - Security Reader or Global Reader. No changes to your tenant. We only ask for the rights we need, no more.

How does this compare to Microsoft Secure Score?

Secure Score is a useful starting point but provides a limited picture. It misses organisation-specific risks: attack paths via app registrations, excessive delegations, custom RBAC. Our assessment goes significantly deeper. We look from the perspective of an attacker, not from a checklist.

Can you also assess hybrid AD environments?

Yes. Most of our clients have hybrid environments with Azure AD Connect. We assess the synchronisation configuration, the risks of password hash sync vs. pass-through authentication, and the attack paths between on-premises and cloud.

Ready to test your security?

Get in touch with our team for a no-obligation conversation about your security challenges.