Identity research published in July surfaces two sobering truths for Windows shops: attackers can now bypass dMSA authentication in Windows Server 2025 to mass‑generate service account passwords for lateral movement, and misgoverned first‑party apps in Microsoft Entra ID can be abused to...
active directory
application administrator
authentication bypass
azure ad
cross-tenant
dmsa
domain.readwrite.all
entra id
federation
gmsa
golden dmsa
graphscopes
identity governance
kds root key
mfa bypass
privilege escalation
saml tokens
service principals
tier-0
windows server 2025