Entra.News - Your weekly dose of Microsoft Entra
Entra.Chat
One Compromised Agent ID Blueprint Can Cross Tenant Boundaries
0:00
-54:28

One Compromised Agent ID Blueprint Can Cross Tenant Boundaries

One compromised Agent ID blueprint can become a multitenant blast radius.

Microsoft Entra Agent ID uses familiar application and service-principal objects under the hood, but its one-to-many hierarchy creates a different security boundary. A blueprint can be associated with many agent identities. When that blueprint belongs to a third-party provider and is trusted across customer tenants, the provider’s credential security becomes part of every customer’s risk model.

In this episode of Entra.Chat, Merill speaks with Katie Knowles, Senior Security Researcher at Datadog, about her three-part security analysis of Microsoft Entra Agent ID. Katie explains the blueprint, blueprint principal, agent identity, and agent-user relationships before walking through a cross-tenant compromise demonstration: compromised blueprint credentials, enumeration of associated agents, token requests in trusting tenants, permission inspection, and selection of a useful target identity.

That path does not automatically grant Global Administrator access. Its impact depends on what the target agent identity has been permitted to do. The important lesson is the control point: one blueprint can sit upstream of many identities, tenants, and permission sets.

Katie and Merill also discuss tenant-owned versus vendor-owned blueprints, the Agent ID Administrator role, first-party agent creation through Microsoft platforms, why production client secrets compound the blast radius, workload identity federation, separating blueprints by risk, reusing app-registration detections, and Microsoft Entra ID Protection for agents.


REGISTER: Hidden Risk of App Permissions in Entra ID

Many Microsoft Entra ID environments contain third-party and custom applications with permissions that are broader than necessary, and most organizations lack visibility into how those permissions are being used. Excessive Microsoft Graph permissions and unused access increase the risk of OAuth abuse and privilege escalation.

Join our live session on July 22 to learn how to:

  • Evaluate delegated versus application permissions

  • Build an effective app governance strategy

  • Reduce unnecessary access without disrupting users

You’ll also see how a free AppGov Score assessment can help identify governance gaps and where unused permissions reporting fit into a least-privilege approach.

Save my Seat


Subscribe with your favorite podcast player or watch on YouTube


About Katie Knowles

Katie Knowles is a Senior Security Researcher at Datadog focused on Azure security research, cloud identity, and securing emerging technologies.


Related Links

Related Entra.Chat Episodes


Chapters

00:00 Intro

01:12 Katie’s Three-Part Agent ID Research

05:40 Agent ID Objects Under the Hood

06:24 One Blueprint, Many Agent Identities

08:43 The Multitenant Trust Boundary

17:33 Cross-Tenant Compromise Walkthrough

28:29 First-Party and Third-Party Blueprints

36:56 Stop Using Client Secrets

38:40 Workload Identity Federation

46:24 Permissions and Privilege Boundaries

49:33 Detecting and Responding to Agent Abuse 51:29 What Comes Next for Agent ID


Podcast Apps

Apple Podcast - https://entra.chat/apple

YouTube - https://entra.chat/youtube

Spotify - https://entra.chat/spotify

Overcast - https://entra.chat/overcast

Pocketcast - https://entra.chat/pocketcast

Others - https://entra.chat/rss


Merill’s socials

YouTube - youtube.com/@merillx

LinkedIn - linkedin.com/in/merill

Twitter - twitter.com/merill

TikTok - tiktok.com/@merillf

Bluesky - bsky.app/profile/merill.net

Mastodon - infosec.exchange/@merill

Threads - threads.net/@merillf

GitHub - github.com/merill

Discussion about this episode

User's avatar

Ready for more?