Source: The Hacker News
Author: info@thehackernews.com (The Hacker News)
URL: https://thehackernews.com/2026/04/microsoft-patches-entra-id-role-flaw.html
ONE SENTENCE SUMMARY:
Silverfort found Entra’s Agent ID Administrator role allowed service principal takeovers, enabling privilege escalation until Microsoft patched scope checks globally.
MAIN POINTS:
- Microsoft introduced Agent ID Administrator to manage AI agent identities’ full lifecycle.
- The agent identity platform supports secure authentication, resource access, and agent discovery.
- Silverfort discovered role holders could assign themselves ownership of arbitrary service principals.
- Ownership enabled attackers to add credentials and authenticate as the hijacked principal.
- Compromised principals let adversaries act within whatever permissions the principal already had.
- Privileged service principals could grant directory roles or high-impact Microsoft Graph permissions.
- Researcher Noa Ariel described the issue as “full service principal takeover.”
- Responsible disclosure occurred March 1, 2026, with remediation deployed April 9 across clouds.
- Post-fix attempts to target non-agent service principals now fail with a “Forbidden” error.
- The case underscores scoping validation risks when building new identities atop shared primitives.
TAKEAWAYS:
- Treat service principal ownership as a high-risk capability requiring tight governance.
- Confirm built-in role scopes match intended identity types, especially for emerging agent identities.
- Track and investigate changes to service principal owners as potential takeover indicators.
- Audit service principal credential creation and modifications to detect unauthorized persistence.
- Strengthen tenant posture by hardening and reviewing all privileged service principals regularly.
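The two detection takeaways above (owner changes and credential additions on service principals) as an added example, not code from the article or from Silverfort: it correlates constructed audit events, in a simplified shape modeled on Entra directoryAudit records, to flag ownership changes on non-agent service principals and raise severity when the same actor then adds a credential. The activity strings follow Entra audit naming, but field names and the agent-identity allowlist are assumptions.

```python
"""Correlate Entra ID audit events for the takeover chain described in the article:
an owner is added to a service principal, then that principal gains a new credential."""
from datetime import datetime, timedelta

# Constructed sample events in a simplified form of the Entra directoryAudit schema
# (field names are assumed for this example, not taken from the article).
SAMPLE_EVENTS = [
    {"time": "2026-03-01T09:00:00", "activity": "Add owner to service principal",
     "actor": "agentadmin@contoso.example", "target": "Finance-Automation-SP", "target_id": "sp-001"},
    {"time": "2026-03-01T09:04:00", "activity": "Add service principal credentials",
     "actor": "agentadmin@contoso.example", "target": "Finance-Automation-SP", "target_id": "sp-001"},
    {"time": "2026-03-01T10:00:00", "activity": "Add owner to service principal",
     "actor": "agentadmin@contoso.example", "target": "Support-Agent", "target_id": "agent-007"},
    {"time": "2026-03-02T11:00:00", "activity": "Add service principal credentials",
     "actor": "devops@contoso.example", "target": "CI-Deploy-SP", "target_id": "sp-002"},
]

# Inventory of service principals that really are agent identities (constructed allowlist).
AGENT_IDENTITY_IDS = {"agent-007"}


def parse_time(s):
    return datetime.fromisoformat(s)


def find_takeover_indicators(events, agent_ids, window=timedelta(hours=24)):
    """Return findings: owner additions on non-agent principals, raised to high severity
    when the same actor adds a credential to that principal within the window."""
    findings = []
    owner_adds = [e for e in events if e["activity"] == "Add owner to service principal"]
    cred_adds = [e for e in events if e["activity"] == "Add service principal credentials"]
    for o in owner_adds:
        if o["target_id"] in agent_ids:
            continue  # expected lifecycle management of an agent identity, not an indicator
        finding = {"target": o["target"], "actor": o["actor"], "severity": "medium",
                   "reason": "owner added to non-agent service principal"}
        t0 = parse_time(o["time"])
        for c in cred_adds:
            dt = parse_time(c["time"]) - t0
            if (c["target_id"] == o["target_id"] and c["actor"] == o["actor"]
                    and timedelta(0) <= dt <= window):
                finding["severity"] = "high"
                finding["reason"] = f"credential added {int(dt.total_seconds() // 60)} min after ownership change"
                break
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_takeover_indicators(SAMPLE_EVENTS, AGENT_IDENTITY_IDS):
        print(f)
```

In a real tenant the allowlist would come from the agent identity inventory, and the events from the Graph directoryAudits feed or the SIEM that ingests it.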