Mandiant Reports Intune Vulnerabilities in Entra ID
New Mandiant report reveals Intune vulnerabilities in Entra ID environments. Mandiant’s Red Team recently demonstrated how advanced threat actors could exploit Intune permissions to gain elevated privileges within Microsoft Entra ID. By leveraging the DeviceManagementConfiguration.ReadWrite.All permission, attackers can modify device management scripts to execute malicious code on Privileged Access Workstations (PAWs), ultimately compromising Entra ID. Mandiant recommends organizations regularly review permissions, enable multiple admin approvals, and monitor service principal activities to mitigate these risks.
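One way to carry out the permission review recommended above, shown as an added example that is not from Mandiant's report: it lists every service principal holding DeviceManagementConfiguration.ReadWrite.All and flags those not on a reviewed allowlist. The input shape (the Microsoft Graph service principal's `appRoles` plus its `appRoleAssignedTo` collection), the allowlist, and all ids and app names are assumptions constructed for the example.

```python
import json

# Permission named in the report; its role id is resolved by name, not hardcoded.
RISKY_ROLE = "DeviceManagementConfiguration.ReadWrite.All"

# Constructed sample data (all ids and app names are made up). Assumed shape:
# "graph_sp" is the Microsoft Graph service principal with its appRoles,
# "assignments" is that service principal's appRoleAssignedTo collection.
SAMPLE = json.loads("""
{"graph_sp": {"appRoles": [
   {"id": "aaaaaaaa-0000-0000-0000-000000000001", "value": "DeviceManagementConfiguration.ReadWrite.All"},
   {"id": "aaaaaaaa-0000-0000-0000-000000000002", "value": "User.Read.All"}]},
 "assignments": [
   {"appRoleId": "aaaaaaaa-0000-0000-0000-000000000001", "principalId": "bbbbbbbb-0000-0000-0000-000000000001",
    "principalDisplayName": "intune-automation", "createdDateTime": "2023-03-01T09:00:00Z"},
   {"appRoleId": "AAAAAAAA-0000-0000-0000-000000000001", "principalId": "bbbbbbbb-0000-0000-0000-000000000002",
    "principalDisplayName": "legacy-reporting-app", "createdDateTime": "2024-06-14T17:42:00Z"},
   {"appRoleId": "aaaaaaaa-0000-0000-0000-000000000002", "principalId": "bbbbbbbb-0000-0000-0000-000000000003",
    "principalDisplayName": "hr-directory-sync", "createdDateTime": "2022-11-20T08:15:00Z"}]}
""")
APPROVED = {"bbbbbbbb-0000-0000-0000-000000000001"}  # constructed allowlist of reviewed principals


def role_id_for(graph_sp, role_value):
    """Return the appRole id whose value matches the permission name."""
    for role in graph_sp["appRoles"]:
        if role["value"] == role_value:
            return role["id"].lower()
    raise LookupError(f"{role_value} not found in appRoles")


def audit(graph_sp, assignments, approved):
    """List every principal holding RISKY_ROLE, newest grant first, flagging unapproved ones."""
    role_id = role_id_for(graph_sp, RISKY_ROLE)
    approved = {p.lower() for p in approved}
    # GUIDs are compared case-insensitively; exports do not always agree on case.
    holders = [a for a in assignments if a["appRoleId"].lower() == role_id]
    holders.sort(key=lambda a: a["createdDateTime"], reverse=True)
    return [{"principal": a["principalDisplayName"],
             "principalId": a["principalId"],
             "granted": a["createdDateTime"],
             "approved": a["principalId"].lower() in approved} for a in holders]


if __name__ == "__main__":
    for row in audit(SAMPLE["graph_sp"], SAMPLE["assignments"], APPROVED):
        status = "ok" if row["approved"] else "REVIEW"
        print(f'{status:6} {row["principal"]:24} granted {row["granted"]}')
```

Running the same check on a schedule and comparing results between runs surfaces newly granted holders, which supports the service principal monitoring the report also recommends.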