Identity Control Plane Under Attack: Consent Abuse and Hybrid Sync Risks

Описание: Monday, Februray 23rd 2026 | 8:00AM – 9:00AM (PT, Redmond Time webinar recording date)

Microsoft Defender for Identity | Identity Control Plane Under Attack: Consent Abuse and Hybrid Sync Risks

Presenters: Dima Zinkevich, Nestori Syynimaa, Tal Guetta, and Luc van den Ende

Description:
A new wave of identity attacks abuses legitimate authentication flows, allowing attackers to gain access without stealing passwords or breaking MFA. In this session, we’ll break down how attackers trick users into approving malicious apps, how this leads to silent account takeover, and why traditional phishing defenses often miss it.

We’ll also dive into the identity sync layer at the heart of hybrid environments. You’ll learn how Entra Connect Sync and Cloud Sync are protected as Tier-0 assets, how Microsoft Defender for Identity secures synchronization flows, and how the new application-based authentication model strengthens Entra Connect Sync against modern threats.

Timestamps:
00:00 – Introduction
01:18 – OAuth2 rundown
08:40 – "ConsentFix" attack technicalities
14:45 – Detection methods
16:50 – ITDR detection (demo + example)
21:08 – Hybrid Sync Risk
35:45 – Identity attack paths
40:50 – Close