Entra ID

Hidden exclusions in Entra ID Conditional Access policies let attackers bypass MFA and use an overly scoped Graph token to enumerate tenant data.