She showed him the log: A single API call to the AVD management plane, executed with stolen credentials. The call changed the assignment of a developer’s Cloud PC from “User A” to “Attacker B.” Then, the attacker launched a new session. No brute force. No malware. Just a misconfigured Azure RBAC role.
“They’re not breaking the glass,” Marta explained to the CISO the next morning. “They’re walking through the front door wearing our uniform.”
Marta smiled. “The cloud isn’t a castle. It’s a river. You can’t build walls. You have to control the flow of trust. Secure the identity. Lock the control plane. And never, ever let the ghost sleep in the gold image.”
In the morning, Marta walked to the CISO’s office. She placed a single piece of paper on his desk. It was a printout of the failed login attempts.
The CISO read the log. “What’s the lesson for the board?”
“The problem,” she said, pointing, “is session host sprawl. We have 2,000 Cloud PCs. Each one is a fresh Windows installation. But the connection—the RD Gateway, the Broker—that’s the choke point. Midnight Proxy isn’t attacking the OS. They’re attacking the control plane.”