Dirk-jan Mollema, an infosec researcher, discusses a significant vulnerability in Microsoft's Entra ID that allows attackers to gain Global Admin access in any tenant using undocumented “Actor tokens.” This flaw arises from a defect in the Azure AD Graph API, which fails to validate originating tenants, enabling cross-tenant access with impersonation tokens. After reporting it to Microsoft, the vulnerability was swiftly fixed. The implications include potential full control over any Entra ID tenant, with minimal logging or detection capabilities, fundamentally highlighting design flaws in token management and security protocols.
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/

