Securing Cloud PCs and Azure Virtual Desktop
“They’re not breaking the glass,” Marta explained to the CISO the next morning. “They’re walking through the front door wearing our uniform.”
She showed him the log: a single API call to the AVD management plane, executed with stolen credentials. The call changed the assignment of a developer’s Cloud PC from “User A” to “Attacker B.” Then, the attacker launched a new session. No brute force. No malware. Just a misconfigured Azure RBAC role.
The forensics team traced the ghost sessions back to a compromised managed identity. Someone had phished a helpdesk admin, stolen a service principal’s secret, and used it to register a malicious device to the company’s Entra ID.
The CISO went pale. “So they can just… reassign a computer to themselves?”
“If we don’t lock down the control plane, yes,” Marta said. “The Cloud PC is a ghost. You can’t handcuff a ghost. You have to lock the séance room.”
The attack had a name now: Midnight Proxy.