Azure Survey 2025: 60 million Users and Counting
nyxgeek
ShmooCon XX (Final) · Day 2 · Belay It
In his ShmooCon presentation, "Azure Survey 2025: 60 million Users and Counting," security researcher nyxgeek presented the results of a multi-year project to enumerate valid Microsoft 365 users and to track the presence of Microsoft employees. The talk covered two components: a large-scale **user enumeration** effort via OneDrive, which has so far identified more than 63 million unique users, and a **Teams tracking** effort that monitored the presence status of Microsoft employees for roughly six months. nyxgeek, a hacker at TrustedSec, took a critical look at Microsoft's position that user enumeration is not a security flaw, arguing that this stance leaves a large and easily exploited attack surface, since a confirmed list of valid accounts is the usual starting point for password spraying and targeted phishing.
AI review
This presentation documents pervasive user enumeration across Microsoft's Azure and M365 ecosystem, demonstrating the collection of more than 63 million unique user accounts through unauthenticated requests to OneDrive APIs. The researcher also describes persistent methods of Teams presence enumeration that bypass Microsoft's attempt to monetize a 'fix' rather than secure the platform. The work highlights a large and unaddressed attack surface, challenging Microsoft's dismissive stance on user enumeration and its implications for national security.