Research has shown that Microsoft Entra ID (formerly Azure AD), a cloud identity and access management solution, can be manipulated to bypass security measures. Malicious actors can manipulate the credential validation process, transforming the pass-through authentication (PTA) agent into a tool allowing malicious actors to log in as any AD user.

Source: Security Magazine