You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
graph scopes
About this tag
The graph scopes tag on WindowsForum.com covers discussions about Microsoft Graph API permission scopes, particularly in the context of identity security and Entra ID. Recent content highlights risks associated with misconfigured first-party app permissions in Microsoft Entra ID, where overly broad graph scopes can be abused to impersonate Global Administrators. The tag also relates to securing Windows Server 2025 and cloud identities, emphasizing the need to audit and restrict graph scopes to prevent lateral movement and privilege escalation. Topics include dMSA authentication bypass and best practices for managing delegated and application permissions in Microsoft Graph.
Identity research published in July surfaces two sobering truths for Windows shops: attackers can now bypass dMSA authentication in Windows Server 2025 to mass‑generate service account passwords for lateral movement, and misgoverned first‑party apps in Microsoft Entra ID can be abused to...
active directory
administrator
azure ad
dmsa
domain.readwrite.all
entra id
federation
gmsa
golden dmsa
graphscopes
identity governance
kds root key
mfa bypass
multi-tenant
privilege escalation
saml tokens
security bypass
service principal
tier-0
windows server 2025