Attackers found a Microsoft 365 sign-in path that many MFA policies were not watching.
A password spray campaign targeting Azure CLI sign-ins generated more than 81 million login attempts from June 12 to June 26, 2026, according to Huntress. The firm said attackers compromised at least 78 Microsoft accounts across 64 organizations before attacks from the identified IP range ended on July 2.
The campaign did not break multifactor authentication. It exposed a narrower but serious problem for Microsoft 365 and Microsoft Entra ID admins: Conditional Access policies can leave users exposed when they cover only certain apps, users, locations, or enforcement modes.
How Azure CLI became the attack path
The attackers used exposed username-and-password combinations against Azure CLI through the Resource Owner Password Credentials flow, or ROPC, according to the Huntress report. ROPC lets an application handle a user’s password directly instead of sending the user through an interactive sign-in prompt.
Microsoft says it does not recommend ROPC because the flow is incompatible with MFA and more secure alternatives are available in most scenarios.
The gap became clear on June 22, when Huntress saw 30 accounts across 23 businesses affected in one day. Fifteen had MFA implemented and enforced through Conditional Access, but the policies did not cover the Azure CLI ROPC sign-in path.
The recurring issues were narrow policy scope and incomplete enforcement. Huntress found MFA policies scoped to specific apps instead of all cloud apps, policies applied only to administrators, trusted-location exceptions that weakened MFA requirements, and policies left in report-only mode. Eight additional businesses affected by the campaign had no MFA policy at all.
Huntress traced most of the activity to the IPv6 range 2a0a:d683::/32, linked to LSHIY LLC and AS32167. The company later updated its report to say LSHIY suspended the user’s service and that attacks from the range had ended.
How admins can close the policy gaps
Admins should start with Conditional Access scope. Microsoft’s legacy-authentication guidance recommends including all users and all resources when creating a policy to block legacy authentication, with exclusions only where needed to prevent lockouts.
Priority checks include whether MFA policies cover Azure CLI sign-ins, whether standard users are included, whether trusted-location exceptions are too broad, and whether any policy remains in report-only mode. Admins should also review whether non-administrative users need Azure CLI access.
Credential hygiene is part of the fix. The attackers appeared to use older exposed passwords that had never been rotated, so organizations should check for credential exposure and force resets where needed. AI-driven identity attacks are also putting more pressure on access controls, while Windows Hello PIN security can reduce the replay value of stolen passwords when deployed correctly.
Automation deserves a separate review. Microsoft’s Azure CLI documentation recommends service principals for scripts and says the September 2025 MFA requirement applies to Microsoft Entra ID user identities, not workload identities such as service principals or managed identities.
That review should include how tools, scripts, and agents inherit permissions, since enterprise security gaps around AI agents can widen access risk.
Detection teams should review Entra ID sign-in logs for noninteractive sign-ins, ROPC activity, Azure CLI authentication, and traffic tied to AS32167 or 2a0a:d683::/32. The IP-range activity ended, but tenants with the same Conditional Access gaps remain exposed.
Read more: Phishing remains another route into trusted workflows, as Microsoft’s investigation into a hotel phishing campaign in Japan shows.