
Pentest Azure: Entra ID, Storage, AKS, Functions

Azure pentest focused on Entra ID (formerly Azure AD), RBAC, Conditional Access, publicly exposed Storage Accounts, AKS, Functions and Logic Apps.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Azure holds 60% of the Brazilian market among companies that already had Office 365 and then migrated their infrastructure. Entra ID is target number one: phishing, illicit consent grants, app registration backdoors. A manual Azure pentest goes after Entra ID, Identity Protection and Conditional Access bypass.

Applicable frameworks

CIS Azure Benchmark 2.0
Microsoft Cloud Adoption Framework
Azure Security Benchmark v3
ISO 27017
PCI-DSS 4.0

/attack-surface

Pentest Microsoft Azure

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01

Entra ID (Azure AD)

Sync issues, hybrid identity, illicit consent grants, app registrations, OAuth abuse, password spraying, MFA bypass.

02

RBAC and PIM

Role assignments, Privileged Identity Management, custom roles, privilege escalation through Owner and Contributor assignments.

03

Conditional Access

Policy bypass, platform gaps, named locations, device compliance.

04

Storage Account

Public access, shared-key authentication, never-expiring SAS tokens, immutable storage policy.

05

AKS

RBAC, Entra ID (Azure AD) integration, pod identity (and its successor, workload identity), network policy, container escape.

06

Functions and Logic Apps

Managed identities, exposed function keys, Logic App workflows with public endpoints.
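The Storage Account item above lists the misconfigurations that get checked (public access, shared-key auth, never-expiring SAS tokens). The script below is an added example of how such a check can be run offline over an exported configuration; it is not intrus.io's tooling and not code from this page. It assumes account objects use the camelCase keys that `az storage account show` emits and that SAS URLs carry the standard Azure query parameters (`se`, `sp`, `sip`, `spr`, `ss`, `srt`); the sample accounts and URLs are constructed, and the `sig` values are dummies.

```python
"""Offline audit of Azure Storage Account settings and SAS URLs (added example)."""
import json
from datetime import datetime, timezone, timedelta
from urllib.parse import urlparse, parse_qs

# Fixed "now" so the sample output is reproducible (assumption for the example).
AUDIT_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

# Constructed sample export; key names follow `az storage account show` (assumption).
SAMPLE_ACCOUNTS = json.loads("""[
  {"name": "stlegacyweb", "allowBlobPublicAccess": true, "allowSharedKeyAccess": true,
   "enableHttpsTrafficOnly": false, "minimumTlsVersion": "TLS1_0",
   "networkRuleSet": {"defaultAction": "Allow"}},
  {"name": "sthardened", "allowBlobPublicAccess": false, "allowSharedKeyAccess": false,
   "enableHttpsTrafficOnly": true, "minimumTlsVersion": "TLS1_2",
   "networkRuleSet": {"defaultAction": "Deny"}}
]""")

# Constructed SAS URLs (not real tokens): an account SAS valid until 2099 with full
# permissions, and a tightly scoped read-only service SAS valid for two hours.
SAMPLE_SAS = [
    "https://stlegacyweb.blob.core.windows.net/backups?sv=2022-11-02&ss=bfqt&srt=sco"
    "&sp=rwdlacupx&se=2099-12-31T23:59:59Z&spr=https,http&sig=AAAA",
    "https://sthardened.blob.core.windows.net/reports/q1.pdf?sv=2022-11-02&sr=b"
    "&sp=r&st=2025-01-01T00:00:00Z&se=2025-01-01T02:00:00Z&sip=203.0.113.10&spr=https&sig=BBBB",
]


def audit_account(acct):
    """Return a list of findings for one storage account object."""
    f = []
    # Older accounts leave this property unset (null), which historically meant "allowed".
    if acct.get("allowBlobPublicAccess") is not False:
        f.append("account permits public blob containers")
    if acct.get("allowSharedKeyAccess") is not False:
        f.append("shared-key auth enabled; anyone holding an account key bypasses RBAC")
    if not acct.get("enableHttpsTrafficOnly"):
        f.append("plain HTTP allowed")
    if acct.get("minimumTlsVersion") != "TLS1_2":
        f.append(f"minimum TLS is {acct.get('minimumTlsVersion')}, not TLS1_2")
    if acct.get("networkRuleSet", {}).get("defaultAction") != "Deny":
        f.append("network default action is Allow (no firewall / private endpoint enforcement)")
    return f


def _parse_se(value):
    """Parse the SAS expiry (se) in the formats Azure accepts; None if unparseable."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return None


def audit_sas(url, now=None, max_ttl=timedelta(days=7)):
    """Return findings for a SAS URL: lifetime, permissions, scope, IP and protocol."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    f = []
    expiry = _parse_se(q.get("se", ""))
    if expiry is None:
        f.append("missing or unparseable expiry (se)")
    elif expiry - now > max_ttl:
        f.append(f"expires in {(expiry - now).days} days (policy: {max_ttl.days})")
    perms = q.get("sp", "")
    if set(perms) & set("wdacu"):  # write, delete, add, create, update
        f.append(f"mutating permissions granted: sp={perms}")
    if "ss" in q:  # account SAS spans whole services, not one blob/container
        f.append(f"account-level SAS over services ss={q['ss']} srt={q.get('srt', '')}")
    if "sip" not in q:
        f.append("no source IP restriction (sip)")
    # Azure's default when spr is omitted is https,http.
    if q.get("spr", "https,http") != "https":
        f.append("usable over plain HTTP (spr)")
    return f


def run(now=AUDIT_NOW):
    """Audit the constructed samples and return {name_or_url: findings}."""
    report = {a["name"]: audit_account(a) for a in SAMPLE_ACCOUNTS}
    report.update({u.split("?")[0]: audit_sas(u, now=now) for u in SAMPLE_SAS})
    return report


if __name__ == "__main__":
    for target, findings in run().items():
        print(target, "->", findings or "OK")
```

On a real engagement the account JSON comes from `az storage account list` and the SAS URLs from wherever they leak (app settings, repos, Logic App definitions); the audit logic stays the same. The `sig` parameter is never printed, since a logged SAS is a leaked credential.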

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Azure tenants of organizations with hybrid identity (on-prem AD plus Entra ID) and corporate Office 365.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.


Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Pentest Microsoft Azure

Do you use BloodHound for Azure?

Yes. BloodHound with AzureHound, plus ROADtools and MicroBurst, for Entra ID enumeration and privilege escalation. All output is manually reviewed.

Price range?

Small tenant: R$ 12-30k. Mid-sized tenant with hybrid identity: R$ 35-80k. Enterprise multi-tenant: R$ 80-200k.

/contact

Get a quote for an Azure pentest

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.