MC2MC Connect 2026

05/02/2026, BluePoint Antwerp
Berchem, Belgium

Real world attacks abusing your Entra ID application misconfigurations

With thousands of applications in any given tenant, application management is not top of mind for IT Pros, and the ease of delegation to developers and business application owners relieves much of the burden on IT - if it ain’t broke, don’t fix it, right? Unfortunately, this creates a perfect storm for attackers. What seems like innocent delegation or rather simple secret creation can quickly turn into real world attacks on applications, bringing all the pain of things like data exfiltration, lateral movement, and for those offering services, a loss of trust from customers. In this session we won’t just talk about the theory of attacks but show how easy they are for attackers. But attack demonstrations don’t solve problems; so, we’ll explore the misconfigurations and misconceptions that set the stage for the attack and discuss what organizations should do to protect their applications. Whether you’re an IT Pro, security professional, or developer, this session will be filled with the real defenses you should have in place to protect you from these very real attacks.