Microsoft fixes Entra ID vulnerability enabling service principal takeover

Colleagues, a cybersecurity alert: Microsoft has remediated an Entra ID vulnerability.
What was found: Silverfort reported that a principal holding the Agent ID Administrator role could make itself owner of arbitrary service principals (not only agent identities) and then add credentials to them.
Risk: full service-principal takeover; where the targeted SP holds privileged directory roles or broad Microsoft Graph application permissions, this is a path to tenant-wide privilege escalation.
Fix: disclosed 1 March; Microsoft released a patch on 9 April. Assigning an owner to a non-agent SP from this role now returns 'Forbidden'.
Recommendations: monitor assignments to sensitive roles (including Agent ID Administrator), alert on service-principal owner changes, and audit every credential (secret or certificate) added to a service principal.
Why it matters: an owner of a service principal can add a credential and then sign in as that principal, inheriting all of its role assignments and API permissions, so control over SP ownership is as sensitive as control over the SP itself.
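Added example (my own, not from Silverfort's or Microsoft's write-up): detection logic in Python that replays Entra ID audit-log records and flags an actor who adds an owner to a service principal and then adds a credential to the same principal within 24 hours, which is the sequence this takeover would leave behind. The activity names, the record layout (trimmed Microsoft Graph directoryAudit fields) and the sample events are assumptions and constructed data; verify the names against your own AuditLogs export before deploying.

```python
from datetime import datetime, timedelta

# Entra ID audit activity names as I expect them to appear (assumed spelling;
# confirm against your tenant's AuditLogs / directoryAudits export).
OWNER_ADDED = "Add owner to service principal"
CRED_ADDED = "Add service principal credentials"

WINDOW = timedelta(hours=24)

# Constructed sample audit events (not real tenant data), in the shape of
# Graph directoryAudit records trimmed to the fields this detection uses.
SAMPLE_EVENTS = [
    {"activityDateTime": "2024-04-01T10:00:00Z", "activityDisplayName": OWNER_ADDED,
     "initiatedBy": {"user": {"userPrincipalName": "attacker@contoso.example"}},
     "targetResources": [{"type": "User", "id": "u-1", "displayName": "attacker"},
                         {"type": "ServicePrincipal", "id": "sp-1", "displayName": "Graph Sync App"}]},
    {"activityDateTime": "2024-04-01T10:05:00Z", "activityDisplayName": CRED_ADDED,
     "initiatedBy": {"user": {"userPrincipalName": "attacker@contoso.example"}},
     "targetResources": [{"type": "ServicePrincipal", "id": "sp-1", "displayName": "Graph Sync App"}]},
    # Legitimate credential rotation by an existing owner: no preceding owner add.
    {"activityDateTime": "2024-04-01T12:00:00Z", "activityDisplayName": CRED_ADDED,
     "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
     "targetResources": [{"type": "ServicePrincipal", "id": "sp-2", "displayName": "Backup Job"}]},
    # Owner add followed by a credential add three days later: outside the window.
    {"activityDateTime": "2024-04-02T09:00:00Z", "activityDisplayName": OWNER_ADDED,
     "initiatedBy": {"user": {"userPrincipalName": "attacker@contoso.example"}},
     "targetResources": [{"type": "User", "id": "u-1", "displayName": "attacker"},
                         {"type": "ServicePrincipal", "id": "sp-3", "displayName": "Reporting"}]},
    {"activityDateTime": "2024-04-05T09:00:00Z", "activityDisplayName": CRED_ADDED,
     "initiatedBy": {"user": {"userPrincipalName": "attacker@contoso.example"}},
     "targetResources": [{"type": "ServicePrincipal", "id": "sp-3", "displayName": "Reporting"}]},
]


def actor(event):
    """Identity that performed the action: a user UPN or, for app-initiated
    changes, the calling application's display name."""
    initiated_by = event.get("initiatedBy", {})
    if initiated_by.get("user"):
        return initiated_by["user"].get("userPrincipalName")
    if initiated_by.get("app"):
        return initiated_by["app"].get("displayName")
    return None


def target_sp(event):
    """The service principal among the target resources. For an owner add the
    first target is typically the new owner, so we search by type rather than
    taking index 0 (assumption about record layout)."""
    for target in event.get("targetResources", []):
        if target.get("type") == "ServicePrincipal":
            return target.get("id"), target.get("displayName")
    return None, None


def find_takeover_chains(events, window=WINDOW):
    """Return (actor, sp_id, sp_name, owner_added_at, cred_added_at) tuples for
    every case where one actor added an owner to an SP and then added a
    credential to the same SP within `window`."""
    ordered = sorted(events, key=lambda e: e["activityDateTime"])
    owner_adds = {}  # (actor, sp_id) -> time of the most recent owner add
    findings = []
    for event in ordered:
        when = datetime.fromisoformat(event["activityDateTime"].replace("Z", "+00:00"))
        who = actor(event)
        sp_id, sp_name = target_sp(event)
        if who is None or sp_id is None:
            continue
        name = event.get("activityDisplayName")
        if name == OWNER_ADDED:
            owner_adds[(who, sp_id)] = when
        elif name == CRED_ADDED:
            started = owner_adds.get((who, sp_id))
            if started is not None and when - started <= window:
                findings.append((who, sp_id, sp_name, started.isoformat(), when.isoformat()))
    return findings


if __name__ == "__main__":
    for hit in find_takeover_chains(SAMPLE_EVENTS):
        print("possible SP takeover:", hit)
```

Feed it the output of the directoryAudits Graph endpoint or a Log Analytics export; the single hit on the sample data is the attacker's owner add on sp-1 followed five minutes later by a credential add, while the routine rotation on sp-2 and the out-of-window pair on sp-3 are left alone.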
What measures have you implemented to protect your SPs?
#cybersecurity #EntraID #cloudsecurity

