Between June 12 and June 26, 2026, Huntress researchers detected an automated password-spray campaign that bombarded Microsoft Azure CLI authentication endpoints with more than 81 million sign-in attempts. The scale and speed of the attack caught many defenders off guard, revealing dangerous gaps in how organizations enforce multi-factor authentication (MFA) for command-line and automated access. This campaign marks a significant escalation in the ongoing war against identity-based attacks in cloud environments, and it underscores a harsh reality: if your Azure CLI access isn’t locked down, it’s a ticking time bomb.
Anatomy of a Password Spray Attack
Password spraying is a brute-force variant where attackers try a small number of commonly used passwords against a large set of usernames. Unlike traditional brute-force attacks that hammer a single account with thousands of passwords, spraying flies under the radar of account lockout policies. In this case, the attackers automated attempts against the Azure CLI authentication flow, likely targeting the OAuth 2.0 device code endpoint or the interactive login endpoint. By distributing attempts across millions of user principals over two weeks, they maximized the chance of finding weakly protected credentials while minimizing detection.
The Huntress team observed that the campaign used a sophisticated rotation of IP addresses and user-agents to evade rate limiting. The attackers focused on accounts that lacked MFA or were protected by weak conditional access policies. Given that Azure CLI can be used with service principals, managed identities, or user accounts, this campaign likely exploited gaps in identity coverage—where user accounts permitted for CLI access were not subject to the same MFA policies as their browser-based counterparts.
Why Azure CLI Authentication is a Prime Target
Azure CLI supports multiple authentication methods: interactive login via device code, username/password, service principal with a secret, and managed identities. For interactive usage, the device code flow prompts the user to enter a code at a Microsoft login page, which then authenticates the CLI session. However, if administrators fail to configure conditional access policies to require MFA for Azure CLI, attackers can abuse user accounts that have never enrolled in MFA or where MFA is not enforced for this specific client app.
The client application ID for Azure CLI is well-known (04b07795-8ddb-461a-bbee-02f9e1bf7b46), making it trivial for attackers to target. When an organization enables legacy authentication protocols or excludes this app from MFA requirements, it creates a bypass. Even if MFA is enforced for the Azure portal, a user logged in via CLI might not be challenged for a second factor. This inconsistency is a standing gap that attackers are actively exploiting.
Service principals—non-human identities used for automation—can be even more vulnerable. Many are provisioned with client secrets that never expire and lack any form of MFA. If an attacker guesses a secret or obtains a certificate, they gain persistent, often privileged access to Azure resources. The Huntress campaign underscores that service principals must be managed with the same rigor as user accounts, yet most organizations lag in this area.
The MFA Gap: How Conditional Access Fails Against CLI Attacks
Conditional Access is the cornerstone of identity protection in Microsoft Entra ID (formerly Azure AD). It allows admins to define risk-based policies, such as “require MFA for all users” or “block legacy authentication.” But these policies are not always comprehensive. The attack surface includes:
- Legacy protocols: POP, IMAP, SMTP, and others that don’t support modern authentication and are often excluded from MFA enforcement.
- Client app exemptions: Admins might exclude the Azure CLI client app from MFA to avoid breaking automation scripts, creating a backdoor.
- Location-based exceptions: Policies that bypass MFA for trusted IPs can be abused if attackers spoof or compromise those IPs.
- Service principals: By default, service principals are not subject to Conditional Access policies unless explicitly configured via workload identity policies.
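The client-app exemption above is easy to introduce and easy to overlook in a quarterly review. The audit below is an added example, not code from the article or from Microsoft: it walks a tenant's Conditional Access policies, assumed to be in the JSON shape that Microsoft Graph returns from /identity/conditionalAccess/policies, and reports whether any enabled policy requires MFA for the Azure CLI app ID for all users, which policies explicitly exempt it, and which user or group carve-outs remain; the sample policies are constructed.

```python
from typing import Dict, List

AZURE_CLI_APP_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"  # well-known Azure CLI app ID (from the article)

def _lower(values) -> List[str]:
    return [v.lower() for v in (values or [])]

def policy_enforces_mfa_for_app(policy: Dict, app_id: str) -> bool:
    """True if this enabled policy has app_id in scope for all users and grants only with MFA (or blocks)."""
    if policy.get("state") != "enabled":  # report-only and disabled policies protect nothing
        return False
    conds = policy.get("conditions") or {}
    apps = conds.get("applications") or {}
    include_apps, aid = _lower(apps.get("includeApplications")), app_id.lower()
    if ("all" not in include_apps and aid not in include_apps) or aid in _lower(apps.get("excludeApplications")):
        return False  # out of scope, or explicitly exempted (the "keep the scripts working" backdoor)
    if _lower((conds.get("users") or {}).get("includeUsers")) != ["all"]:
        return False
    controls = _lower((policy.get("grantControls") or {}).get("builtInControls"))
    return "mfa" in controls or "block" in controls

def audit_app_mfa_coverage(policies: List[Dict], app_id: str = AZURE_CLI_APP_ID) -> Dict:
    """Summarise how the tenant's Conditional Access policies treat app_id."""
    covering, excluding, user_exclusions = [], [], {}
    for p in policies:
        name = p.get("displayName", "<unnamed>")
        conds = p.get("conditions") or {}
        if app_id.lower() in _lower((conds.get("applications") or {}).get("excludeApplications")):
            excluding.append(name)
        if policy_enforces_mfa_for_app(p, app_id):
            covering.append(name)
            users = conds.get("users") or {}
            excluded = (users.get("excludeUsers") or []) + (users.get("excludeGroups") or [])
            if excluded:  # break-glass and similar carve-outs still need a periodic review
                user_exclusions[name] = excluded
    return {"covered": bool(covering), "covering_policies": covering,
            "excluding_policies": excluding, "user_exclusions": user_exclusions}

def make_policy(name, state, include_apps, exclude_apps=(), controls=("mfa",), exclude_users=()):
    """Build a policy dict in Graph's shape (used only for the constructed samples below)."""
    apps = {"includeApplications": list(include_apps), "excludeApplications": list(exclude_apps)}
    users = {"includeUsers": ["All"], "excludeUsers": list(exclude_users)}
    return {"displayName": name, "state": state, "conditions": {"applications": apps, "users": users},
            "grantControls": {"operator": "OR", "builtInControls": list(controls)}}

# Constructed sample tenant: an all-apps MFA policy that exempts Azure CLI, plus a report-only policy.
SAMPLE_POLICIES = [make_policy("MFA all apps (CLI exempt)", "enabled", ["All"], [AZURE_CLI_APP_ID]),
                   make_policy("MFA all apps (report-only)", "enabledForReportingButNotEnforced", ["All"])]
```

Against the sample tenant the audit reports `covered: False` with the exempting policy named; adding an enabled all-apps MFA policy with no app exclusion flips it to covered while still listing any break-glass user exclusions for review.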
In the Huntress campaign, the sheer volume suggests attackers were scanning for any accessible endpoint, including those associated with the Azure CLI app. They likely combined leaked username lists with common passwords like Summer2026! or Password123. The 81 million attempts over 14 days average around 67 attempts per second—a rate that would overwhelm log analytics unless properly tuned.
Real-World Impact: What a Successful CLI Compromise Means
A successful login to Azure CLI provides the attacker with the same level of access as the compromised identity. For a user account, that means access to subscriptions, resource groups, and management-plane operations. An attacker can:
- Exfiltrate data from storage accounts, databases, and key vaults.
- Deploy virtual machines, create backdoors, and move laterally across networks.
- Elevate privileges by manipulating role assignments or accessing managed identities.
- Launch further attacks from within the trusted environment, bypassing perimeter defenses.
For a service principal, the impact can be even more devastating. Many service principals possess Contributor or Owner roles on critical resources. If a principal is used in CI/CD pipelines, the attacker could inject malicious code into deployments. The stealthy nature of CLI access means that such breaches often go undetected for months, as security teams focus on portal-based anomalies.
Huntress noted that the campaign targeted a wide range of tenants, from small businesses to large enterprises, indicating a broad, opportunistic approach. The attackers did not need to breach sophisticated defenses; they simply looked for the unlocked door—the Azure CLI access path without MFA.
Why This Campaign Matters Now
Identity attacks are the number one entry vector for cloud breaches. Microsoft’s own Digital Defense Report consistently highlights that 99.9% of compromised accounts don’t use MFA. The Azure CLI campaign amplifies this statistic by targeting an often-overlooked authentication flow. As organizations shift to infrastructure-as-code and DevOps practices, the reliance on CLI tools increases, expanding the attack surface.
Moreover, the campaign’s timing—mid-2026—aligns with a broader trend of attackers automating reconnaissance and authentication abuse at cloud hyperscale. The 81 million attempts surpass previous password spray volumes, such as the 2019 campaign against Office 365 that reached millions of attempts. This demonstrates that threat actors are refining their techniques and building specialized tooling for Microsoft Entra ID endpoints.
Mitigation Steps: Closing the Azure CLI MFA Gap
Security teams must act now to harden identity coverage. The following measures are critical:
1. Enforce MFA for All Human Users, Everywhere
Eliminate any conditional access policy exclusions for the Azure CLI client app. Require MFA for all cloud apps, including the Microsoft Azure Management app. Ensure that device code flow also triggers MFA. While this may impact some automation, the trade-off is necessary.
2. Transition Automation to Passwordless and Phish-Resistant Methods
For service principals, migrate from client secrets to certificate-based authentication or workload identity federation with OpenID Connect. Use managed identities for Azure resources whenever possible, as they eliminate credential management and are not susceptible to spray attacks. For user accounts running scripts, consider cloud-managed privileged access workstations and just-in-time access.
3. Block Legacy Authentication Protocols
Legacy protocols cannot enforce MFA and are a common bypass. Use conditional access to block all legacy authentication, or at least apply a strict policy that prevents any use without a valid business justification.
4. Monitor and Alert on Anomalous Sign-In Patterns
Enable Microsoft Sentinel or a SIEM to ingest Entra ID sign-in logs. Create analytics rules that trigger on high volumes of failed CLI sign-ins, geographically unusual locations, or impossible travel. The Huntress campaign generated distinct fingerprints: repeated failures for the same user across many IPs, and high rates of device code flow attempts.
5. Implement Workload Identity Protection
Use Entra ID’s workload identity features to apply conditional access specifically to service principals. This allows you to restrict service principal usage to trusted IPs or require additional checks. Audit all existing service principals for expired or overly permissive secrets.
6. Regularly Review Exclusions and Emergency Accounts
Emergency break-glass accounts often bypass MFA, making them prime targets. Limit these accounts to a minimum, secure them with FIDO2 keys, and monitor any usage. Review all conditional access policy exclusions quarterly.
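Step 4 above asks for analytics rules keyed on the campaign's fingerprint. The detection below is an added example, not code from Huntress or the article: it runs that logic over constructed Entra sign-in records in the Microsoft Graph signIn shape (appId, userPrincipalName, ipAddress, status.errorCode, createdDateTime), flagging per time window many users failing a few times each from IPs that rotate across accounts, and reporting any success that came from one of those IPs.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List

AZURE_CLI_APP_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"  # Azure CLI client app ID (from the article)

def detect_cli_spray(records: List[Dict], window=timedelta(hours=1), min_users=5, min_ips=3,
                     max_fails_per_user=3.0, app_id=AZURE_CLI_APP_ID) -> List[Dict]:
    """Per window: many users, few failures each, from rotating IPs => spray alert.
    An IP is a spray source only if it failed against >= 2 distinct users, so one user's
    own typo from their usual address is ignored; successes from a spray source are hits."""
    secs = int(window.total_seconds())
    buckets = defaultdict(list)
    for r in records:
        if r.get("appId") == app_id:
            ts = datetime.fromisoformat(r["createdDateTime"].replace("Z", "+00:00"))
            buckets[int(ts.timestamp()) // secs].append(r)
    alerts = []
    for key, recs in sorted(buckets.items()):
        users_by_ip = defaultdict(set)
        for r in recs:
            if r["status"]["errorCode"] != 0:
                users_by_ip[r["ipAddress"]].add(r["userPrincipalName"])
        spray_ips = {ip for ip, users in users_by_ip.items() if len(users) >= 2}
        fails = [r for r in recs if r["status"]["errorCode"] != 0 and r["ipAddress"] in spray_ips]
        targeted = {r["userPrincipalName"] for r in fails}
        if (len(targeted) < min_users or len(spray_ips) < min_ips
                or len(fails) / len(targeted) > max_fails_per_user):
            continue
        hits = [(r["userPrincipalName"], r["ipAddress"]) for r in recs
                if r["status"]["errorCode"] == 0 and r["ipAddress"] in spray_ips]
        alerts.append({"window_start": datetime.fromtimestamp(key * secs, tz=timezone.utc).isoformat(),
                       "users_targeted": len(targeted), "spray_ips": sorted(spray_ips), "hits": hits})
    return alerts

def _rec(ts: datetime, upn: str, ip: str, code: int) -> Dict:
    return {"createdDateTime": ts.isoformat().replace("+00:00", "Z"), "userPrincipalName": upn,
            "appId": AZURE_CLI_APP_ID, "ipAddress": ip, "status": {"errorCode": code}}

def constructed_sample() -> List[Dict]:
    """Constructed records, not real data: six users probed twice each from four rotating
    IPs (one probe lands on user3), plus one user's genuine typo followed by success."""
    base = datetime(2026, 6, 14, 3, 0, tzinfo=timezone.utc)
    pool = [f"198.51.100.{n}" for n in range(1, 5)]  # documentation range standing in for attacker IPs
    recs = [_rec(base + timedelta(minutes=4 * n + k), f"user{n}@example.invalid", pool[(n + k) % 4], 50126)
            for n in range(6) for k in range(2)]  # 50126: invalid username or password
    recs.append(_rec(base + timedelta(minutes=40), "user3@example.invalid", pool[0], 0))
    recs.append(_rec(base + timedelta(minutes=41), "alice@example.invalid", "203.0.113.7", 50126))
    recs.append(_rec(base + timedelta(minutes=42), "alice@example.invalid", "203.0.113.7", 0))
    return recs
```

On the sample the detector raises one alert for the 03:00 window naming all four rotating IPs and the single successful sign-in they produced, while alice's typo-then-success from her own address is not reported. The thresholds are starting points; tune them to your tenant's baseline of CLI sign-ins.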
Beyond the CLI: A Broader Identity Hardening Strategy
This incident reinforces that identity protection must be holistic. Azure CLI is just one of many non-portal interfaces that can be exploited. Others include PowerShell, REST APIs, and cross-platform tools like Terraform. A unified conditional access policy that covers all client applications—without exception—should be the goal.
Organizations should also embrace Secure Access Service Edge (SASE) architectures that verify every access attempt regardless of origin. Zero Trust principles demand that we treat every authentication request as potentially hostile, especially those coming from CLI tools where the user’s intent is less transparent.
The Road Ahead: What to Expect
Threat intelligence analysts warn that CLI-based spraying will likely increase as attackers catalog more client application IDs and refine their evasion tactics. Microsoft may respond by making MFA mandatory for certain high-risk flows, but until then, the onus is on admins. The Huntress campaign serves as a wake-up call: if you have not recently audited your Azure CLI access, assume it is being tested right now.
Security teams should conduct an immediate review of Entra ID sign-in logs for the period of June 12–26, 2026, looking for patterns of high failure rates with the Azure CLI client app. Even if your tenant wasn’t targeted in this wave, the next one is inevitable. Proactive hardening is the only viable defense.
Ultimately, the 81 million attempts were not just a statistic; they were a proof of concept that MFA gaps in CLI authentication are a systemic vulnerability across the Microsoft cloud ecosystem. Closing these gaps requires a shift in mindset: automation credentials are credentials, and every identity—human or machine—deserves strong, phishing-resistant authentication.