skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Mandiant Reports Intune Vulnerabilities in Entra ID

/ 1 min read

New Mandiant report reveals Intune vulnerabilities in Entra ID environments. Mandiant’s Red Team recently demonstrated how advanced threat actors could exploit Intune permissions to gain elevated privileges within Microsoft Entra ID. By leveraging the DeviceManagementConfiguration.ReadWrite.All permission, attackers can modify device management scripts to execute malicious code on Privileged Access Workstations (PAWs), ultimately compromising Entra ID. Mandiant recommends organizations regularly review permissions, enable multiple admin approvals, and monitor service principal activities to mitigate these risks.