Entra ID Lateral Movement And Expanding Permission Usage

A Microsoft Entra Connect Sync-synchronized Entra ID environment that synchronizes on-premises identities and groups with Entra ID

By taking these actions, Mandiant was able to fulfill the assessment’s goal and gain Global Administrator rights in Entra ID

Intune allows you to use Access Policies to demand a second administrator’s approval before applying any changes

Monitor service principal sign-ins proactively: doing so can help identify irregularities

Mandiant advises businesses to routinely check the authorizations given to Azure service principals, with a focus on the DeviceManagementConfiguration

All permission: DeviceManagementConfiguration should be handled by organizations that use Microsoft Intune for device management