DNS rebinding attacks exploit how web browsers handle DNS resolution. This allows attackers to bypass the same-origin policy and launch attacks against the victim's local network. Most discussions of DNS rebinding have focused on targeting local networks on the premises of individuals or organizations. Today, organizations are moving from on-premises to the cloud. However, it remains unclear whether and how attackers can use DNS rebinding in the cloud. This paper presents an attack simulation where a victim executes malicious scripts in Mozilla Firefox running on an Azure virtual machine. The results show that attackers can exfiltrate access tokens from Azure Active Directory via Azure Instance Metadata Service when a managed identity is enabled on the virtual machine. We promptly reported this finding to the Microsoft Security Response Center. Microsoft has addressed this issue. Proof-of-concept code and captured network packets are included in the appendix.