Skip to main content
Modern 42 Logo
Security Research · M42 Labs

Building secure IAM & PAM by day. Testing boundaries by night.

We are deeply knowledgeable engineers who push the boundaries of the systems we implement. By understanding Microsoft Entra ID, Intune, BeyondTrust, and other IAM/PAM platforms beyond what the documentation tells us, we uncover vulnerabilities and build more secure environments for our clients.

View our CVEs Contact us
Who We Are

Security research, driven by engineering.

Modern 42 Labs is the security research division of Modern 42. Our team combines deep expertise in IAM and PAM technologies with a passion for understanding how they work at a fundamental level.

Security Experts

Specialised in discovering and responsibly disclosing vulnerabilities in enterprise security systems.

Engineering Excellence

Our engineers don't just use technology — we understand how it works at the deepest levels.

Research Driven

Continuous research into IAM, PAM, authentication systems, and access control mechanisms.

Featured Discovery

Latest Security Research

Our most recent vulnerability discovery in Microsoft's enterprise identity platform.

m42-labs — advisory/latest.vuln

labs@m42:~/advisories $ cat latest.vuln

---

CVE-2025-XXXXX

Important

target: Microsoft Entra ID

discovered: May 2025

class: Authentication Bypass

Microsoft Entra ID Multi-Factor Authentication Bypass

A critical authentication bypass vulnerability in Microsoft Entra ID that allows attackers to circumvent multi-factor authentication mechanisms under specific conditions. This vulnerability affects enterprise deployments and could lead to unauthorised access to protected resources.

# Impact

Complete MFA and device compliance bypass, unauthorised access to protected resources

# Status

Responsibly Disclosed to Microsoft Security Response Center

cat ./details.txt
Engineering Blogs

Latest from the team

Explore our latest findings and deep-dives into security technologies.

9 Apr 2026

Your Conditional Access Device Filters Are a Paper Wall

We keep bypassing Conditional Access device filters on engagements using browser DevTools and a VM. This post covers the three bypass patterns we see most often — User Agent spoofing, the null property problem, and the bait-and-switch — plus how to build policies that actually hold up.

Conditional AccessEntra ID
View All Posts

Ready to modernise your identity platform? Pick your path.

Whether you need strategic guidance, a platform assessment, or engineers on the ground — we’ll match the engagement to your need.

Assess your environment

Entra ID configuration review, Conditional Access audit, or identity architecture assessment. Know exactly where you stand.

Explore assessments

Design your target state

Target architecture for Entra ID, IGA, CIAM, or SSO migration. A clear blueprint before a single change is made.

Architecture advisory

Build with our engineers

Entra ID hardening, SSO application migration, MIM replacement, or Azure B2C to Entra External ID. We deliver the platform.

Explore engineering

We use cookies

We use cookies and similar technologies to help personalise content, measure the performance of our site, and provide a better experience. By clicking Accept, you consent to the use of all cookies.
Learn more.