Backdoor #Microsoft Office365 and Microsoft #Azure AD by stealing AD FS certificate/key pair. Golden SAML attack will allow an attacker to:

• Bypass MFA to Azure / Office365
• Logon as any AD user regardless of password resets
• Method is usually valid for a year

https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html