"Rogue Azure AD Guests Can Steal Data via Power Apps"

Guest accounts in Azure AD (AAD) give external third parties limited access to corporate resources. The objective is to facilitate collaboration without excessive risk of exposure. However, enterprises may inadvertently overshare access to sensitive resources and applications with Azure AD guests, enabling data theft and other threats. An upcoming presentation at Black Hat USA will detail how a toxic combination of easily manipulated default guest account settings and connections within Power Apps, Microsoft's low-code development platform, can open the door for guest accounts to gain access to the corporate jewels. This article continues to discuss how rogue Azure AD guests could steal data through Power Apps.

Dark Reading reports "Rogue Azure AD Guests Can Steal Data via Power Apps"

Submitted by Anonymous on