Microsoft patched an ‘agent-only’ role that was not
Summary
Microsoft's 'Agent ID Administrator' role, designed to give AI agents controlled identities in Entra ID (Microsoft's identity management system), had a security flaw that let holders of the role take ownership of unrelated service principals (the tenant-specific identities that applications use to authenticate and access resources). This meant an attacker holding the role could gain the same privileges as more powerful administrator roles and potentially take over the entire tenant (the organization's cloud environment).
Solution / Mitigation
Microsoft patched the issue by blocking the Agent ID Administrator role from modifying non-agent service principals. The fix was fully rolled out by April 9, 2026, across all cloud environments.
Original source: https://www.csoonline.com/article/4163708/microsoft-patched-an-agent-only-role-that-was-not.html
First tracked: April 27, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%