Identity research published in July surfaces two sobering truths for Windows shops: attackers can now bypass dMSA authentication in Windows Server 2025 to mass‑generate service account passwords for lateral movement, and misgoverned first‑party apps in Microsoft Entra ID can be abused to...
active directory
applicationadministrator
authentication bypass
azure ad
cross-tenant
dmsa
domain.readwrite.all
entra id
federation
gmsa
golden dmsa
graph scopes
identity governance
kds root key
mfa bypass
privilege escalation
saml tokens
service principals
tier-0
windows server 2025