Retirement of RBAC Application Impersonation Role in Exchange Online

Retirement of RBAC Application Impersonation Role in Exchange Online

Microsoft’s announcement about the retirement of the application impersonation role in Exchange Online is the response to the Midnight Blizzard attack. Initially, the attackers got in using a password spray attack in a legacy test non-production system that lacks MFA configuration. Then, they compromised a test OAuth app with elevated access in the non-production tenant. Adding…

Follow us!