The article discusses a significant security risk associated with inviting guest users to Microsoft Entra ID tenants. It highlights how guest users can exploit a gap in access control, allowing them to create and transfer subscriptions into the tenant while retaining ownership. This privilege escalation tactic poses a threat as organizations often underestimate the risks posed by guest accounts. Due to a focus on directory roles rather than billing permissions, security teams may overlook vulnerabilities that guest users can exploit, potentially leading to unauthorized access and lateral movement within the tenant.
Many organizations treat guest accounts as low-risk because of their temporary, limited access, but this assumption opens the door to known attack paths and lateral movement.
Guest-made subscription footholds exploit the fact that Microsoft's billing permissions are scoped at the billing account, not the Entra directory.
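Because the billing-side action leaves an ordinary RBAC footprint in the directory, the one thing a defender can check without billing access is who holds Owner on each subscription. The following is an added example, not code from the article: it cross-references Owner role assignments with directory user type to flag guest-owned subscriptions, and reads the tenant's subscription transfer policy. The record shapes mirror ARM role assignments and Graph user objects only loosely, the `blockSubscriptionsIntoTenant` property name is an assumption to verify against your API version, and all data below is constructed.

```python
from dataclasses import dataclass

# Well-known built-in role definition ID for Azure RBAC "Owner".
OWNER_ROLE_ID = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
ROLE_DEFS = "/providers/Microsoft.Authorization/roleDefinitions/"

# Constructed sample: tenant subscription policy shaped like
# Microsoft.Subscription/policies/default (property names assumed).
TENANT_POLICY = {"properties": {"blockSubscriptionsIntoTenant": False,
                                "blockSubscriptionsLeavingTenant": True}}

# Constructed sample: role assignments (ARM-style) and users (Graph-style).
# A guest holds Owner on subscription 2222, as a transferred-in subscription would show.
ROLE_ASSIGNMENTS = [
    {"scope": "/subscriptions/1111", "roleDefinitionId": ROLE_DEFS + OWNER_ROLE_ID,
     "principalId": "u-alice", "principalType": "User"},
    {"scope": "/subscriptions/2222", "roleDefinitionId": ROLE_DEFS + OWNER_ROLE_ID,
     "principalId": "u-bob", "principalType": "User"},
    {"scope": "/subscriptions/2222/resourceGroups/rg1", "roleDefinitionId": ROLE_DEFS + OWNER_ROLE_ID,
     "principalId": "u-bob", "principalType": "User"},  # below subscription scope, ignored
]
USERS = {
    "u-alice": {"userPrincipalName": "alice@contoso.example", "userType": "Member"},
    "u-bob": {"userPrincipalName": "bob_partner.example#EXT#@contoso.example", "userType": "Guest"},
}

@dataclass(frozen=True)
class Finding:
    subscription: str
    owner_upn: str

def guest_owned_subscriptions(assignments, users):
    """Return subscriptions where a Guest user holds Owner at subscription scope.
    Group-based Owner grants are not expanded here; resolve group membership separately."""
    findings = []
    for a in assignments:
        if a.get("principalType") != "User":
            continue
        if not a["roleDefinitionId"].lower().endswith(OWNER_ROLE_ID):
            continue
        parts = a["scope"].strip("/").split("/")
        if len(parts) != 2 or parts[0] != "subscriptions":  # exactly /subscriptions/<id>
            continue
        user = users.get(a["principalId"])
        if user and user.get("userType") == "Guest":
            findings.append(Finding(parts[1], user["userPrincipalName"]))
    return findings

def inbound_transfers_allowed(policy):
    """True when the tenant does not block subscriptions being transferred into it."""
    return not policy.get("properties", {}).get("blockSubscriptionsIntoTenant", False)

if __name__ == "__main__":
    for f in guest_owned_subscriptions(ROLE_ASSIGNMENTS, USERS):
        print(f"guest owner on subscription {f.subscription}: {f.owner_upn}")
    if inbound_transfers_allowed(TENANT_POLICY):
        print("tenant policy allows subscriptions to be transferred in")
```

Feed it real output from `az role assignment list` and a Graph `/users` query to run it against a live tenant; both findings together (a guest Owner plus an open inbound-transfer policy) are the condition the article describes.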