Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
Summary
Microsoft fixed a security flaw in Entra ID (Microsoft's identity management system) where the Agent ID Administrator role, meant for AI agents, could be abused to take over service principals (accounts that applications use to authenticate). An attacker with this role could become the owner of any service principal and add their own credentials, potentially gaining broad control over a tenant (organization's cloud environment) if the targeted service principal had elevated permissions.
Solution / Mitigation
Microsoft rolled out a patch on April 9, 2026 across all cloud environments. Following the fix, any attempt to assign ownership over non-agent service principals using the Agent ID Administrator role is now blocked and displays a "Forbidden" error message. Organizations are also advised to monitor sensitive role usage related to service principal ownership or credential changes, track service principal ownership changes, secure privileged service principals, and audit credential creation on service principals.
Original source: https://thehackernews.com/2026/04/microsoft-patches-entra-id-role-flaw.html
First tracked: April 28, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 85%