Microsoft AI Role Flaw Allowed Identity Takeover

Agent ID Administrator role flaw allowed takeover of high-privileged service principals.

  • A privilege escalation flaw in Microsoft Entra ID’s Agent ID Administrator role was patched by Microsoft on April 9, 2026.
  • The vulnerability allowed users with the role to take over arbitrary service principals, including high-privileged ones, and add their own credentials.
  • Security firm Silverfort disclosed the issue on March 1, 2026, highlighting a risk of identity takeover attacks in cloud environments.
  • The flaw underscores the security risks when new identity types, like AI agents, are built on shared foundational components without strict scoping.

Microsoft has patched a critical security flaw in its Entra ID platform that could have allowed attackers to hijack high-privileged service principals and take over cloud identities. According to new findings from Silverfort, the vulnerability stemmed from the Agent ID Administrator role, which was introduced to manage AI agents as part of the agent identity platform.

However, this administrative role suffered from a scope overreach issue. Consequently, users assigned this role could become owners of any service principal within a tenant, not just those related to AI agents.

By adding their own credentials to the compromised principal, an attacker could then authenticate as that entity. Security researcher Noa Ariel said, “That’s full service principal takeover.”

This created a direct path for privilege escalation, especially in tenants with high-privileged service principals. The attacker could then operate within the full scope of the hijacked identity’s permissions.

Following Silverfort’s responsible disclosure on March 1, 2026, Microsoft remediated the flaw across all cloud environments on April 9. After the fix, attempts to assign ownership over non-agent service principals now result in a “Forbidden” error.

Meanwhile, the incident highlights the architectural risks of building new identity types on shared foundations. As Ariel noted, “When role permissions are applied on top of shared foundations without strict scoping, access can extend beyond what was originally intended.”

Organizations are advised to monitor sensitive role usage and audit credential creation on service principals. The overall attack risk remains influenced by a tenant’s security posture regarding privileged service principals.
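As an added illustration of the monitoring advice above (example code written for this article, not from Silverfort or Microsoft), the script below correlates constructed Entra ID audit-log events: an "Add owner to service principal" entry followed, by the same actor, by "Add service principal credentials" on the same principal within a short window, which is the sequence the takeover path described above would leave behind. Field names follow the shape of Microsoft Graph directoryAudits records, but the activity names, accounts and principal names are assumed sample values.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not real tenant data). The actor, principal
# names and activity strings are assumed values for this example only.
SAMPLE_AUDIT_EVENTS = [
    {"activityDateTime": "2026-03-02T10:00:00Z",
     "activityDisplayName": "Add owner to service principal",
     "initiatedBy": {"user": {"userPrincipalName": "agentadmin@contoso.example"}},
     "targetResources": [{"displayName": "billing-automation-sp", "type": "ServicePrincipal"}]},
    {"activityDateTime": "2026-03-02T10:03:00Z",
     "activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"user": {"userPrincipalName": "agentadmin@contoso.example"}},
     "targetResources": [{"displayName": "billing-automation-sp", "type": "ServicePrincipal"}]},
    # Routine credential rotation by a different actor with no preceding
    # ownership change: audited, but not the takeover pattern.
    {"activityDateTime": "2026-03-02T11:00:00Z",
     "activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"user": {"userPrincipalName": "platform-eng@contoso.example"}},
     "targetResources": [{"displayName": "ci-deploy-sp", "type": "ServicePrincipal"}]},
]

OWNER_ADDED = "Add owner to service principal"
CREDS_ADDED = "Add service principal credentials"


def _ts(event):
    return datetime.strptime(event["activityDateTime"], "%Y-%m-%dT%H:%M:%SZ")


def _actor(event):
    return event["initiatedBy"]["user"]["userPrincipalName"]


def _target(event):
    return event["targetResources"][0]["displayName"]


def find_takeover_sequences(events, window_minutes=60):
    """Return (actor, principal, owner_time, cred_time) for every case where the
    same actor added an owner to a service principal and then added credentials
    to that principal within the window. Events are processed in time order."""
    window = timedelta(minutes=window_minutes)
    owner_adds = {}  # (actor, principal) -> time of the latest ownership add
    hits = []
    for event in sorted(events, key=_ts):
        key = (_actor(event), _target(event))
        if event["activityDisplayName"] == OWNER_ADDED:
            owner_adds[key] = _ts(event)
        elif event["activityDisplayName"] == CREDS_ADDED and key in owner_adds:
            if _ts(event) - owner_adds[key] <= window:
                hits.append((key[0], key[1], owner_adds[key], _ts(event)))
    return hits


if __name__ == "__main__":
    for actor, principal, t_owner, t_cred in find_takeover_sequences(SAMPLE_AUDIT_EVENTS):
        print(f"REVIEW: {actor} took ownership of {principal} at {t_owner} "
              f"and added credentials at {t_cred}")
```

In a real tenant the events would come from the directoryAudits feed or a SIEM export; the correlation is meant to prioritise review, so credential additions without a preceding ownership change should still be audited on their own.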
