“The impression relies on the privileges assigned to the focused service principal,” the researchers stated. “In environments the place service principals are extensively used or maintain elevated permissions, this could result in vital escalation. Tenant posture can additional affect the impression, for instance in circumstances of broadly consented functions or permissive configurations.”
The researchers famous that Agent ID Administrator is pretty new and isn’t in huge use but, however the service principal-based escalation path is. “About 99% of tenants have no less than one privileged service principal (not essentially agent-related),” they stated. Of them, greater than half use agent identities averaging round 100 per tenant, making a “actual danger.”
Microsoft Safety Response Middle (MSRC) instructed Silverfort that an inside repair was totally rolled out by April 9, 2026, requiring no additional person motion. Researchers nonetheless revealed a couple of suggestions together with detection steps to assist customers establish and reply to related patterns.
