Name | Description | Severity |
---|---|---|
Known Federated Domain Backdoor | Microsoft Entra ID can delegate authentication for a domain to another identity provider, a feature called federation. An attacker who has already gained elevated privileges can abuse this legitimate feature by adding a federated domain they control: the tenant then trusts tokens signed with the attacker's federation signing key, which gives them persistence and a path to privilege escalation. | Critical |
Dangerous API Permissions Affecting the Tenant | Entra ID exposes Microsoft's APIs (Microsoft Graph among them) so that third-party applications can act on Microsoft services. Some application permissions, granted to the app itself rather than on behalf of a signed-in user, are powerful enough to compromise the entire Microsoft Entra tenant, so every such grant must be reviewed carefully. | High |
First-Party Service Principal With Credentials | First-party service principals (the Microsoft-owned ones present in every tenant) carry powerful permissions yet are easily overlooked because they are hidden, owned by Microsoft and numerous. An attacker who adds a credential (password or certificate) to one can authenticate as it and quietly inherit its privileges for privilege escalation and persistence. | High |
Missing MFA for Non-Privileged Account | MFA protects accounts against weak or breached passwords. Security best practices and standards recommend enabling MFA even for non-privileged accounts. An account with no MFA method registered gains nothing from an MFA requirement until one is registered, and an attacker who already holds the password may be the one to register it. | Medium |
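The four indicators above can be checked read-only from a tenant with the Microsoft Graph PowerShell SDK. The script below is an added example, not code from the original page or from the product it documents. It assumes the SDK (v2) is installed and the caller can consent to the listed read scopes; the Microsoft publisher tenant IDs and the "dangerous" permission watch list are this example's own starting choices, not a list taken from the page.

```powershell
# Added example, not code from the original page or its vendor: a read-only audit of
# the four indicators above with the Microsoft Graph PowerShell SDK (v2).
# Assumptions: the SDK is installed, the caller can consent to the read scopes below,
# and the Microsoft tenant IDs / "dangerous" permission names are this example's own
# starting choices rather than a list taken from the page.
Connect-MgGraph -NoWelcome -Scopes 'Domain.Read.All', 'Application.Read.All',
    'User.Read.All', 'UserAuthenticationMethod.Read.All'

# 1. Known Federated Domain Backdoor: every federated domain with its issuer, sign-in
#    URL and signing-certificate thumbprint. Compare the output with your known IdPs.
function Get-FederatedDomainReport {
    foreach ($d in Get-MgDomain -All | Where-Object AuthenticationType -eq 'Federated') {
        foreach ($f in Get-MgDomainFederationConfiguration -DomainId $d.Id) {
            $thumb = '<none>'
            if ($f.SigningCertificate) {
                $raw   = [Convert]::FromBase64String($f.SigningCertificate)
                $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
                $thumb = "$($cert.Thumbprint) ($($cert.Subject))"
            }
            [pscustomobject]@{
                Domain = $d.Id; Issuer = $f.IssuerUri; SignInUri = $f.PassiveSignInUri
                SigningCert = $thumb; HasNextCert = [bool]$f.NextSigningCertificate
            }
        }
    }
}

# 2. Dangerous API Permissions Affecting the Tenant: app-only (application) grants on
#    Microsoft Graph whose role is in the watch list (assumption: a starter list only;
#    Domain.ReadWrite.All is included because it is enough to add a federated domain).
$DangerousGraphRoles = @(
    'RoleManagement.ReadWrite.Directory', 'AppRoleAssignment.ReadWrite.All',
    'Application.ReadWrite.All', 'Directory.ReadWrite.All', 'Domain.ReadWrite.All'
)
function Get-DangerousGraphGrant {
    $graphSp  = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
    $roleName = @{}
    foreach ($r in $graphSp.AppRoles) { $roleName[[string]$r.Id] = $r.Value }
    foreach ($a in Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $graphSp.Id -All) {
        $perm = $roleName[[string]$a.AppRoleId]
        if ($DangerousGraphRoles -contains $perm) {
            [pscustomobject]@{ Principal = $a.PrincipalDisplayName; PrincipalId = $a.PrincipalId; Permission = $perm }
        }
    }
}

# 3. First-Party Service Principal With Credentials: Microsoft-owned service principals
#    that carry any password or certificate credential. A healthy tenant has none.
$MicrosoftOwnerTenants = @(   # assumption: publisher tenants Microsoft uses for first-party apps
    'f8cdef31-a31e-4b4a-93e4-5f571e91255a', '72f988bf-86f1-41af-91ab-2d7cd011db47'
)
function Get-FirstPartySpWithCredentials {
    $props = @('Id', 'AppId', 'DisplayName', 'AppOwnerOrganizationId', 'KeyCredentials', 'PasswordCredentials')
    foreach ($sp in Get-MgServicePrincipal -All -Property $props) {
        if ("$($sp.AppOwnerOrganizationId)" -notin $MicrosoftOwnerTenants) { continue }
        $creds = @($sp.KeyCredentials) + @($sp.PasswordCredentials) | Where-Object { $_ }
        foreach ($c in $creds) {
            [pscustomobject]@{
                ServicePrincipal = $sp.DisplayName; AppId = $sp.AppId
                CredentialType = if ($c.Type) { $c.Type } else { 'Password' }   # password credentials have no Type
                KeyId = $c.KeyId; Added = $c.StartDateTime; Expires = $c.EndDateTime
            }
        }
    }
}

# 4. Missing MFA for Non-Privileged Account: enabled users with no MFA-capable method.
#    Email is SSPR-only and a Temporary Access Pass is transient, so neither counts.
$MfaCapableMethods = @(
    '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod',
    '#microsoft.graph.phoneAuthenticationMethod',
    '#microsoft.graph.fido2AuthenticationMethod',
    '#microsoft.graph.softwareOathAuthenticationMethod',
    '#microsoft.graph.windowsHelloForBusinessAuthenticationMethod'
)
function Get-UserWithoutMfa {
    foreach ($u in Get-MgUser -All -Filter 'accountEnabled eq true' -Property Id, UserPrincipalName) {
        $types = @(Get-MgUserAuthenticationMethod -UserId $u.Id |
                   ForEach-Object { $_.AdditionalProperties['@odata.type'] })
        if (-not ($types | Where-Object { $MfaCapableMethods -contains $_ })) {
            [pscustomobject]@{
                User       = $u.UserPrincipalName
                Registered = ($types -replace '^#microsoft\.graph\.', '') -join ', '
            }
        }
    }
}

Get-FederatedDomainReport       | Format-Table -AutoSize
Get-DangerousGraphGrant         | Format-Table -AutoSize
Get-FirstPartySpWithCredentials | Format-Table -AutoSize
Get-UserWithoutMfa              | Format-Table -AutoSize
```

A Global Reader (or an equivalent read-only role) is enough to run all four checks. Get-UserWithoutMfa makes one Graph call per enabled user, so on a large tenant the authentication methods registration report (Get-MgReportAuthenticationMethodUserRegistrationDetail, which needs AuditLog.Read.All) is the cheaper source for the same answer; the per-user form is kept here because it shows exactly which methods count as MFA-capable.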