
“The impact depends on the privileges assigned to the targeted service principal,” the researchers said. “In environments where service principals are widely used or hold elevated permissions, this can lead to significant escalation. Tenant posture can further influence the impact, for example in cases of broadly consented applications or permissive configurations.”
The researchers noted that the Agent ID Administrator role is fairly new and not yet in wide use, but the service principal-based escalation path already is. “About 99% of tenants have at least one privileged service principal (not necessarily agent-related),” they said. Of those tenants, more than half use agent identities, averaging around 100 per tenant, which the researchers called a “real risk.”
Microsoft Security Response Center (MSRC) told Silverfort that an internal fix was fully rolled out by April 9, 2026, requiring no further user action. Researchers still published a few recommendations along with detection steps to help users identify and respond to similar patterns.
