TROOPERS26 Call for Papers

Nested APP Authentication - Undocumented Risk and Conditional Access Bypass
2026-06-24, Track 2

Previous studies of Entra ID token exchange abuse have mainly focused on abuse of the FOCI (Family of Client IDs) feature and on scope-based Conditional Access bypass cases.
Although prior work explored these areas in depth, we noticed that the NAA (Nested App Authentication) token exchange attack surface has not been widely discussed.

In this talk, we will discuss the undocumented risks of NAA token exchange and how NAA can lead to Conditional Access bypass.

From our findings, we identified the following:

  • NAA Undocumented Risk
    When an attacker compromises a Broker Client, such as Teams or Outlook, the attacker can use NAA to obtain the Azure Resource Manager user_impersonation scope.
    This means that even if only a Broker Client exists on the device, the attacker may still be able to use NAA to compromise cloud resources.
  • Conditional Access Bypass
    During our exploration, we found that NAA can lead to Conditional Access bypass, including MFA bypass, Require Compliant Device bypass, and Token Protection bypass. We also identified two new classes of bypass: Broker Client-based bypass and Nested Client-based bypass.

This talk presents a new security vector in Nested App Authentication (NAA) and shows how this design can lead to unexpected access expansion and Conditional Access bypass.

Nested App Authentication is designed to improve user experience by allowing broker applications, such as Microsoft Teams, to request access tokens on behalf of nested applications. However, this design also creates a new attack surface. If an attacker obtains a broker refresh token, they may be able to exchange it for access tokens without requiring additional user interaction.

In our research, we discovered that several nested applications have pre-authorized access to sensitive cloud resources, including Azure Resource Manager (ARM). This creates a risky situation in which compromising a device that has only a broker application installed, such as Teams, may still allow attackers to gain access to critical Azure resources.

We also identified multiple Conditional Access bypass scenarios related to NAA token exchange. These bypasses affect common security controls such as MFA enforcement, device compliance requirements, and token protection policies.

In this talk, we will explain:

  • How Nested App Authentication works
  • How attackers can abuse broker refresh tokens
  • The undocumented risks in nested app pre-authorization
  • Multiple Conditional Access bypass techniques
  • The security impact on cloud environments

Shang-De Jiang, also known as HackerPeanutJohn, is a deputy director of the research team at CyCraft. He currently focuses on research in Identity Security and Microsoft Security. He has given technical presentations at industry conferences such as DEFCON, TROOPERS, HITB, HITCON, CodeBlue, Blue Team Summit and BlackHat USA. He is the co-founder of UCCU Hacker, a private hacker group in Taiwan.

Jun Sheng Shi is a security researcher at CyCraft Technology, focusing on cloud identity security and authentication protocols. His research covers Microsoft Entra ID token exchange mechanisms, including FOCI and Nested App Authentication (NAA). He specializes in discovering authentication bypass techniques and analyzing complex access control behaviors in modern cloud environments.