“Hackers’ New Playbook: How MSFTRecon Uncovers Microsoft 365 and Azure Weaknesses Without a Password!”

On February 21, 2025, cybersecurity expert Jason Haddix, from Arcanum Information Security, released MSFTRecon—a powerful tool designed to scan Microsoft 365 and Azure for security loopholes, misconfigurations, and attack paths without needing a login. This tool is a game-changer for ethical hackers and security teams, helping them spot weaknesses before real attackers do.

MSFTRecon works like a digital detective, mapping out how an organization’s identity, applications, and infrastructure are connected. It can detect password spraying risks (where hackers try common passwords on many accounts), SAML authentication flaws (which can let attackers bypass login protections), and OAuth token abuse (which can let hackers steal permissions to access sensitive data). It also identifies weak spots in Azure, helping organizations secure their cloud environment from lateral movement attacks (where an attacker moves through different services after gaining access).

Another key feature of MSFTRecon is its ability to analyze security settings, checking for weak conditional access policies and potential evasion tactics used against Microsoft Defender for Identity (MDI)—a security tool meant to detect threats in Microsoft environments.

For security professionals, MSFTRecon is a wake-up call—showing how much information is publicly available to attackers without even needing a password. This highlights the urgent need for stronger authentication, better monitoring, and stricter access controls to keep hackers out before they get in.
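The password spraying risk mentioned above has a well-understood defensive signature: one source address failing against many distinct accounts, each only once or twice, inside a short window, which is exactly the pattern a per-account lockout threshold does not catch. The script below is an added example written for this page, not MSFTRecon's code or any Microsoft tooling, that runs that detection logic over sign-in records. The record layout (time, user, source IP, result code) is assumed to resemble a Microsoft Entra ID sign-in log export, and the thresholds (10-minute window, at least 5 distinct accounts, at most 2 attempts per account) are illustrative choices; every record in `SAMPLE_SIGNINS` is constructed.

```python
"""Password-spray detection over sign-in records.

Added example for this page; not part of MSFTRecon or Microsoft tooling.
Record fields mimic the shape of an Entra ID sign-in log export, but all
records below are constructed for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# AADSTS50126 is the Entra ID result code for an invalid username or
# password; 0 indicates a successful sign-in.
INVALID_CREDENTIALS = 50126
SUCCESS = 0


def parse_time(stamp):
    """Parse a UTC timestamp such as 2025-02-21T09:00:05Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def detect_password_spray(records, window=timedelta(minutes=10),
                          min_users=5, max_attempts_per_user=2):
    """Flag source IPs that fail against many distinct accounts, each only a
    few times, within one sliding time window.

    The 'few attempts per account' condition separates a spray from a
    brute-force attack on a single account; it is also why per-account
    lockout thresholds alone do not stop spraying.
    """
    failures = defaultdict(list)   # ip -> [(time, user)]
    successes = defaultdict(list)  # ip -> [(time, user)]
    for r in records:
        t = parse_time(r["time"])
        bucket = successes if r["status"] == SUCCESS else failures
        bucket[r["ip"]].append((t, r["user"]))

    alerts = []
    for ip, events in failures.items():
        events.sort()
        best = None
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = Counter(u for _, u in events[start:end + 1])
            spray_like = (len(users) >= min_users
                          and max(users.values()) <= max_attempts_per_user)
            if spray_like and (best is None
                               or len(users) > best["distinct_users"]):
                best = {
                    "ip": ip,
                    "window_start": events[start][0],
                    "window_end": events[end][0],
                    "distinct_users": len(users),
                    "failed_attempts": end - start + 1,
                }
        if best is not None:
            # A success from the same source after the spray began is the
            # signal that a sprayed credential actually worked.
            best["successes_after_spray"] = sorted(
                u for t, u in successes.get(ip, [])
                if t >= best["window_start"])
            alerts.append(best)
    return alerts


def _rec(time, user, ip, status):
    return {"time": time, "user": user, "ip": ip, "status": status}


# Constructed sample data (not real sign-in logs).
SAMPLE_SIGNINS = [
    # One source, six accounts, one failure each, then a success: a spray.
    _rec("2025-02-21T09:00:05Z", "alice@contoso.example", "203.0.113.10", INVALID_CREDENTIALS),
    _rec("2025-02-21T09:00:20Z", "bob@contoso.example", "203.0.113.10", INVALID_CREDENTIALS),
    _rec("2025-02-21T09:00:41Z", "carol@contoso.example", "203.0.113.10", INVALID_CREDENTIALS),
    _rec("2025-02-21T09:01:03Z", "dave@contoso.example", "203.0.113.10", INVALID_CREDENTIALS),
    _rec("2025-02-21T09:01:30Z", "erin@contoso.example", "203.0.113.10", INVALID_CREDENTIALS),
    _rec("2025-02-21T09:01:55Z", "frank@contoso.example", "203.0.113.10", INVALID_CREDENTIALS),
    _rec("2025-02-21T09:02:10Z", "grace@contoso.example", "203.0.113.10", SUCCESS),
    # One account hammered repeatedly: brute force, not a spray.
    _rec("2025-02-21T09:05:00Z", "bob@contoso.example", "198.51.100.7", INVALID_CREDENTIALS),
    _rec("2025-02-21T09:05:10Z", "bob@contoso.example", "198.51.100.7", INVALID_CREDENTIALS),
    _rec("2025-02-21T09:05:20Z", "bob@contoso.example", "198.51.100.7", INVALID_CREDENTIALS),
    _rec("2025-02-21T09:05:30Z", "bob@contoso.example", "198.51.100.7", INVALID_CREDENTIALS),
    # Ordinary typo followed by a successful retry: benign.
    _rec("2025-02-21T09:07:00Z", "heidi@contoso.example", "192.0.2.5", INVALID_CREDENTIALS),
    _rec("2025-02-21T09:07:15Z", "heidi@contoso.example", "192.0.2.5", SUCCESS),
]


if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_SIGNINS):
        print(alert)
```

Run as a script it reports one alert, for 203.0.113.10, with six distinct accounts and `grace@contoso.example` listed under `successes_after_spray`; the single-account brute force and the benign retry produce nothing. In production the same logic would be fed from the tenant's sign-in log export, with the thresholds tuned to the tenant's baseline, and a success after a spray from the same source should be treated as a probable compromise rather than a low-severity anomaly.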