Huntress researchers have exposed a massive password-spraying campaign that leveraged the Azure command-line interface to sidestep common security controls, resulting in 78 compromised Microsoft 365 accounts across multiple organizations. The attack, which unfolded between June 12 and June 26, 2026, generated more than 81 million sign-in attempts and succeeded by exploiting gaps in Conditional Access policies that often overlook non-browser authentication flows.
The Anatomy of an Azure CLI Password-Spray Attack
The attack specifically targeted sign-ins through the Azure CLI, a cross-platform command-line tool used to manage Azure resources and authenticate to Microsoft 365 services. Unlike browser-based logins, CLI authentication frequently bypasses multi-factor authentication (MFA) and device compliance checks because organizations typically configure Conditional Access policies only for interactive web sessions. Threat actors took advantage of this blind spot, scripting automated password sprays against common usernames (e.g., admin@, service@, info@) using well-known weak passwords like ‘Password123’ and ‘Spring2026’.
Password spraying differs from traditional brute-force attacks by attempting a small number of common passwords across a large list of accounts, thereby avoiding account lockouts and raising fewer alarms in security logs. The campaign’s volume—81 million attempts in just two weeks—indicates a highly automated and persistent operation. Huntress noted that the attackers cycled through IP addresses and used multiple tenants to further evade detection.
Conditional Access: The Missing Layer
The heart of the breach lies in misconfigured Microsoft Entra Conditional Access policies. Conditional Access is Microsoft's policy engine that enforces access rules based on signals such as user, device, location, and risk. Properly configured, it can block legacy authentication, require MFA, or demand a compliant device before granting access. However, creating a policy that covers all authentication methods—especially CLI and PowerShell endpoints—requires explicit inclusion of those client apps.
By default, many organizations create a policy that mandates MFA for “Office 365 Exchange Online” or “All cloud apps” but fail to select the “Mobile apps and desktop clients” option under conditions or neglect to target “Other clients” (which includes Exchange ActiveSync, IMAP, PowerShell, and Azure CLI). As a result, MFA is only enforced when a user signs in through a browser, leaving programmatic access wide open if it relies solely on a password. Huntress’s investigation confirmed that in each of the breached environments, Azure CLI authentications were not covered by existing MFA requirements.
How the Breaches Unfolded
Once the attackers successfully authenticated via the Azure CLI, they gained full access to the compromised Microsoft 365 accounts. This included email, SharePoint, OneDrive, and the ability to enumerate directory information. In several instances, the threat actors performed mailbox rule creations to forward sensitive emails externally, searched for financial documents in SharePoint, and attempted lateral movement by enumerating Azure AD roles. The compromised accounts spanned industries from manufacturing to legal services, suggesting the campaign was opportunistic rather than targeted at a specific sector.
Huntress was able to trace the attack’s infrastructure to a network of virtual private servers hosted predominantly in non-sanctioned countries. The researchers also noted that the attackers utilized the Azure CLI’s ability to authenticate with a username and password without additional interactive challenges—something that modern authentication flows using OAuth and browser-based sign-ins would typically prevent.
Post-Compromise Activity and Indicators
After initial access, the adversaries performed common post-exploitation tasks:
- Mailbox rule creation: Forwarding rules that sent all incoming mail to external addresses.
- Directory enumeration: Using Azure CLI commands like az ad user list to map out the organization’s structure.
- Sensitive data exfiltration: Downloading files from SharePoint and OneDrive via CLI commands or Graph API calls.
- Persistence: Some attackers created new Azure AD guest accounts or registered rogue applications to maintain access even after password resets.
Huntress provided detection guidance: organizations should monitor Azure AD sign-in logs for high volumes of failed CLI authentications, especially from unfamiliar locations or IP ranges. Anomalies in the ClientApp field showing “Microsoft Azure CLI” combined with a high failure rate are a strong signal of spraying. Successful CLI sign-ins from users who have never used that method before are also highly suspicious.
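As an added illustration of that detection guidance (example code, not from the Huntress report), the Python below flags the two signals it describes over a handful of constructed sign-in records: one source IP failing password checks against several accounts through the Azure CLI, and a successful CLI sign-in by an account with no CLI history. Field names follow the Entra sign-in log export (appDisplayName, status.errorCode); the records, the baseline user set and the IP addresses are constructed.

```python
import json
from collections import defaultdict

AZURE_CLI_APP = "Microsoft Azure CLI"   # appDisplayName recorded for Azure CLI sign-ins
ERR_BAD_PASSWORD = 50126                # Entra error code: invalid username or password

# Constructed sample sign-in records (JSON lines), not data from the Huntress report.
SAMPLE_LOG = """\
{"createdDateTime":"2026-06-13T02:00:01Z","userPrincipalName":"admin@example.com","appDisplayName":"Microsoft Azure CLI","ipAddress":"198.51.100.7","status":{"errorCode":50126}}
{"createdDateTime":"2026-06-13T02:00:03Z","userPrincipalName":"service@example.com","appDisplayName":"Microsoft Azure CLI","ipAddress":"198.51.100.7","status":{"errorCode":50126}}
{"createdDateTime":"2026-06-13T02:00:05Z","userPrincipalName":"info@example.com","appDisplayName":"Microsoft Azure CLI","ipAddress":"198.51.100.7","status":{"errorCode":50126}}
{"createdDateTime":"2026-06-13T02:00:09Z","userPrincipalName":"finance@example.com","appDisplayName":"Microsoft Azure CLI","ipAddress":"198.51.100.7","status":{"errorCode":0}}
{"createdDateTime":"2026-06-13T08:15:00Z","userPrincipalName":"devops@example.com","appDisplayName":"Microsoft Azure CLI","ipAddress":"203.0.113.5","status":{"errorCode":0}}
{"createdDateTime":"2026-06-13T08:20:00Z","userPrincipalName":"alice@example.com","appDisplayName":"Office 365 Exchange Online","ipAddress":"203.0.113.9","status":{"errorCode":50126}}
"""

def parse_signins(text):
    """Parse one JSON sign-in record per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def cli_spray_sources(records, min_accounts=3):
    """Source IPs whose failed Azure CLI password checks touch at least min_accounts
    distinct accounts. Many accounts with few attempts each is the spray pattern;
    a single account hammered repeatedly would be brute force instead."""
    failed_users = defaultdict(set)
    for r in records:
        if r["appDisplayName"] == AZURE_CLI_APP and r["status"]["errorCode"] == ERR_BAD_PASSWORD:
            failed_users[r["ipAddress"]].add(r["userPrincipalName"])
    return {ip: sorted(users) for ip, users in failed_users.items() if len(users) >= min_accounts}

def first_time_cli_successes(records, known_cli_users, spray_ips=()):
    """Successful CLI sign-ins by accounts with no CLI history (known_cli_users is the
    baseline); the third tuple field marks whether the source IP is also a spray source."""
    hits = []
    for r in records:
        if (r["appDisplayName"] == AZURE_CLI_APP and r["status"]["errorCode"] == 0
                and r["userPrincipalName"] not in known_cli_users):
            hits.append((r["userPrincipalName"], r["ipAddress"], r["ipAddress"] in spray_ips))
    return hits

if __name__ == "__main__":
    recs = parse_signins(SAMPLE_LOG)
    sprays = cli_spray_sources(recs)
    print("spray sources:", sprays)
    print("new CLI users:", first_time_cli_successes(recs, {"devops@example.com"}, sprays))
```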
Why the Azure CLI is a Prime Target
The Azure CLI (az) is a developer and administrator tool that supports both interactive and non-interactive authentication. When using az login, a user can authenticate through a device code flow (which does prompt for MFA if enforced) or with a username and password directly (az login -u <user> -p <password>). The latter method bypasses modern authentication and relies on legacy password validation—this is the vector the attackers exploited. Even when organizations enforce MFA for browser access, the CLI password flow may not trigger it unless the Conditional Access policy explicitly applies to “Other clients” or “Mobile apps and desktop clients” with the correct settings.
Microsoft has gradually deprecated legacy authentication protocols, but the CLI’s password flow remains functional in many tenants unless explicitly blocked. This gap is exacerbated when tenants use security defaults, which only enforce MFA for users in specific circumstances and may not cover all client types. Security defaults are a baseline, not a comprehensive security measure.
Closing the Gaps: Recommendations
In the wake of this campaign, Huntress and Microsoft recommend the following hardening measures:
1. Enforce MFA for All Authentication Flows
- Create a Conditional Access policy that targets all cloud apps and all client apps (both browser and mobile/desktop clients). Under “Grant” controls, require MFA.
- For legacy clients, use a separate policy that blocks authentication from “Other clients” unless absolutely necessary. If legacy authentication is required, limit it to specific IP ranges or users.
2. Disable Unused Authentication Methods
- If your organization does not need Azure CLI or PowerShell access, disable those protocols via authentication policies or through the Azure AD portal (under “Authentication methods” -> “Legacy authentication protocols”).
- Regularly audit service principals and registered apps that could allow background access. Remove unused credentials.
3. Implement Risk-Based Conditional Access
- Use Microsoft Entra ID Protection to assess sign-in risk. Configure a policy that requires MFA or blocks high-risk sign-ins, including those from anonymous IP addresses or impossible travel scenarios.
- Leverage continuous access evaluation to revoke tokens when risk increases.
4. Monitor and Alert on CLI Sign-Ins
- Set up Azure Monitor alerts for suspicious CLI activity: rapid-fire failed logins, CLI logins from new locations, or CLI logins for accounts that typically do not use it.
- Send sign-in logs to a SIEM for correlation. Look for trends in the AuthenticationContextClassReferences field.
5. Employ Azure AD Password Protection
- Enforce a banned password list to prevent users from setting easily guessable passwords. Enable the custom banned password list with terms like “company name,” “season,” and “year.”
6. Educate Users and Admins
- Train administrators never to use their primary admin accounts for CLI or automated tasks. Instead, set up dedicated service principals with restricted permissions and certificate-based authentication.
- Remind all users to avoid common password patterns and to enable MFA wherever possible.
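To make the Conditional Access gap described earlier and recommendation 1 above concrete, here is an added Python check (example code, not from Huntress or Microsoft) that audits policies written in the Microsoft Graph conditionalAccessPolicy shape: it reports whether an enabled policy covering all users and all cloud apps requires MFA for mobileAppsAndDesktopClients, and whether "other" (legacy) clients are blocked. Both policy sets are constructed; the first reproduces the browser-only misconfiguration, the second the recommended pair.

```python
# Constructed Conditional Access policies in the Graph conditionalAccessPolicy shape.
# Not the policies of any breached tenant.
BROWSER_ONLY_MFA = {
    "displayName": "Require MFA (browser only)",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"]}, "applications": {"includeApplications": ["All"]},
        "clientAppTypes": ["browser"],   # the gap: CLI and desktop sign-ins never match
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}

HARDENED = [
    {
        "displayName": "Require MFA for browser and mobile/desktop clients",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"]}, "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {
        "displayName": "Block legacy (other) clients",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"]}, "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
]

def _enforced(policy, client_type, control):
    """True if this policy is enabled (report-only does not count), scoped to all users
    and all apps, matches client_type (or "all"), and applies the given grant control."""
    c = policy["conditions"]
    return (policy["state"] == "enabled"
            and "All" in c["users"]["includeUsers"]
            and "All" in c["applications"]["includeApplications"]
            and (client_type in c["clientAppTypes"] or "all" in c["clientAppTypes"])
            and control in policy["grantControls"]["builtInControls"])

def audit_cli_coverage(policies):
    """Summarise whether CLI/desktop sign-ins get MFA and legacy clients are blocked."""
    return {
        "cli_mfa": any(_enforced(p, "mobileAppsAndDesktopClients", "mfa") for p in policies),
        "legacy_blocked": any(_enforced(p, "other", "block") for p in policies),
    }
```

A policy left in report-only mode (state "enabledForReportingButNotEnforced") is counted as not enforced, since it logs the sign-in but does not challenge it.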
The Bigger Picture: Evolving Threat Landscape
This incident is a stark reminder that threat actors continuously adapt to bypass security controls that are perceived as robust. While many organizations have adopted MFA for web-based logins, the expanding attack surface of APIs, command-line tools, and automation scripts introduces new gaps. The Azure CLI password-spray campaign is not an isolated event; similar tactics have been observed against AWS and Google Cloud CLIs. Huntress expects the trend to grow as more organizations migrate to the cloud and developers favor command-line interfaces over graphical portals.
Microsoft has responded by bolstering its security defaults and continuing to push for passwordless authentication (Windows Hello, FIDO2, Microsoft Authenticator). However, as long as password-based legacy flows exist, they will be exploited. The responsibility falls on cloud administrators to audit and tighten Conditional Access policies regularly, not just at deployment but as part of ongoing security hygiene.
What Comes Next?
For the organizations whose 78 accounts fell victim, the immediate response involved forced password resets, revocation of all active sessions, and a thorough audit of mailbox rules and Azure AD applications. Huntress notified affected clients and provided indicators of compromise (IOCs) to help other defenders detect similar patterns. The IOCs include IP ranges used by the attackers and known user-agent strings from the Azure CLI tool.
Looking forward, cybersecurity experts predict that Microsoft will accelerate the deprecation of password-only authentication flows across all cloud services. Organizations are advised to proactively test their Conditional Access policies using the “What If” tool in the Entra admin center, simulating sign-ins from different client apps to uncover gaps. Additionally, third-party tools that analyze sign-in logs for detection of token replay attacks, password sprays, and abnormal CLI usage can provide an extra layer of defense.
The Huntress report concludes with a sobering observation: “The attackers didn’t need a zero-day vulnerability or sophisticated phishing infrastructure. They simply found a door left unlocked because it was assumed no one would check.”