Silverfort researchers discovered that Microsoft's 'Agent ID Administrator' role in Entra ID had a scope enforcement flaw that let holders of the role take ownership of unrelated service principals across a tenant. Because agent identities are built on the same service principal primitives as regular applications, the boundary between agent and non-agent objects was not enforced. An attacker holding the role could add credentials to any service principal they took over and authenticate as that application, inheriting whatever elevated directory roles or sensitive API permissions it held; in effect the role conferred Application Administrator capabilities. Microsoft's MSRC confirmed a full fix was rolled out by April 9, 2026. The researchers noted that although the role is new and not widely assigned, roughly 99% of tenants have at least one privileged service principal, so the escalation path is a real risk wherever the role is granted.
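The practical question for a defender is which service principals in the tenant would turn an ownership grab into a privilege escalation, and whether anyone has already walked that path (add owner, then add credentials). The following is an added example, not Silverfort's or Microsoft's code; it works on constructed JSON shaped like Microsoft Graph responses (servicePrincipals with $expand=owners, directory role assignments, and auditLogs/directoryAudits) so it runs offline. The lists of "privileged" role names and Graph application permissions, the audit activity names, and the 24-hour correlation window are assumptions to adjust for your tenant.

```python
"""Audit helper for the service-principal ownership escalation path.

Constructed data below mimics the shape of Microsoft Graph responses; swap it
for live results from GET /servicePrincipals?$expand=owners,
GET /roleManagement/directory/roleAssignments and GET /auditLogs/directoryAudits.
"""
from datetime import datetime, timedelta

# Assumption: roles and app permissions that make a service principal a
# worthwhile target for someone who can mint credentials for it.
PRIVILEGED_ROLES = {
    "Global Administrator", "Privileged Role Administrator",
    "Application Administrator", "Cloud Application Administrator",
}
PRIVILEGED_APP_ROLES = {
    "RoleManagement.ReadWrite.Directory", "AppRoleAssignment.ReadWrite.All",
    "Directory.ReadWrite.All", "Application.ReadWrite.All",
}
# Assumption: Entra audit log activityDisplayName values for the two steps.
ADD_OWNER = "Add owner to service principal"
ADD_CREDS = "Add service principal credentials"

# Constructed sample tenant (not real objects). directoryRoles/appRoles are
# already flattened from role assignments and appRoleAssignments.
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "billing-sync", "owners": [],
     "directoryRoles": ["Global Administrator"], "appRoles": []},
    {"id": "sp-2", "displayName": "hr-agent", "owners": ["user-attacker"],
     "directoryRoles": [], "appRoles": ["RoleManagement.ReadWrite.Directory"]},
    {"id": "sp-3", "displayName": "wiki-bot", "owners": ["user-dev"],
     "directoryRoles": [], "appRoles": ["User.Read"]},
]

def _event(activity, when, actor, targets):
    return {"activityDisplayName": activity, "activityDateTime": when,
            "initiatedBy": {"user": {"userPrincipalName": actor}},
            "targetResources": [{"id": t} for t in targets]}

# Constructed audit trail: a fast owner-then-credential sequence on a
# privileged SP (sp-2), the same sequence far apart on sp-1, and a benign
# credential rotation on an unprivileged SP (sp-3).
AUDIT_EVENTS = [
    _event(ADD_OWNER, "2026-03-01T09:00:00Z", "ops@contoso.example", ["sp-1", "user-ops"]),
    _event(ADD_CREDS, "2026-03-10T09:00:00Z", "ops@contoso.example", ["sp-1"]),
    _event(ADD_OWNER, "2026-04-01T10:00:00Z", "attacker@contoso.example", ["sp-2", "user-attacker"]),
    _event(ADD_CREDS, "2026-04-01T10:05:00Z", "attacker@contoso.example", ["sp-2"]),
    _event(ADD_CREDS, "2026-04-01T11:00:00Z", "dev@contoso.example", ["sp-3"]),
]

def is_privileged(sp):
    """True if the SP holds a privileged directory role or app permission."""
    return bool(set(sp["directoryRoles"]) & PRIVILEGED_ROLES
                or set(sp["appRoles"]) & PRIVILEGED_APP_ROLES)

def owner_escalation_paths(sps):
    """(owner, sp id) pairs where an owner can add credentials to a
    privileged SP and thereby inherit its roles: admins in all but name."""
    return sorted((owner, sp["id"]) for sp in sps
                  if is_privileged(sp) for owner in sp["owners"])

def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def detect_owner_then_credential(events, sps, window=timedelta(hours=24)):
    """Flag actors who add an owner to a privileged SP and then add a
    credential to that SP within `window`."""
    privileged = {sp["id"] for sp in sps if is_privileged(sp)}
    owner_adds = {}   # (actor, sp id) -> time of the owner addition
    hits = []
    for ev in sorted(events, key=lambda e: e["activityDateTime"]):
        actor = ev["initiatedBy"].get("user", {}).get("userPrincipalName")
        when = _ts(ev["activityDateTime"])
        targets = {t["id"] for t in ev["targetResources"]}
        for sp_id in targets & privileged:
            key = (actor, sp_id)
            if ev["activityDisplayName"] == ADD_OWNER:
                owner_adds[key] = when
            elif ev["activityDisplayName"] == ADD_CREDS and key in owner_adds:
                if when - owner_adds[key] <= window:
                    hits.append({"actor": actor, "servicePrincipal": sp_id,
                                 "ownerAddedAt": owner_adds[key].isoformat(),
                                 "credentialAddedAt": when.isoformat()})
    return hits

if __name__ == "__main__":
    print("owner escalation paths:", owner_escalation_paths(SERVICE_PRINCIPALS))
    for hit in detect_owner_then_credential(AUDIT_EVENTS, SERVICE_PRINCIPALS):
        print("suspicious sequence:", hit)
```

The first function is the standing inventory check (every owner of a privileged service principal is effectively a privileged user and should be treated as one); the second is the retrospective hunt for the sequence the flaw enabled. Tighten or widen the window to taste, and note that a patient attacker who spaces the two steps out will fall outside it, so the inventory check matters more than the correlation.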

From csoonline.com