graph scopes

About this tag
The graph scopes tag on WindowsForum.com covers discussions about Microsoft Graph API permission scopes, particularly in the context of identity security and Entra ID. Recent content highlights risks associated with misconfigured first-party app permissions in Microsoft Entra ID, where overly broad graph scopes can be abused to impersonate Global Administrators. The tag also relates to securing Windows Server 2025 and cloud identities, emphasizing the need to audit and restrict graph scopes to prevent lateral movement and privilege escalation. Topics include dMSA authentication bypass and best practices for managing delegated and application permissions in Microsoft Graph.
  1. Golden dMSA and Entra ID Risks: Securing Windows Server 2025 and Cloud Identities

    Identity research published in July surfaces two sobering truths for Windows shops: attackers can now bypass dMSA authentication in Windows Server 2025 to mass‑generate service account passwords for lateral movement, and misgoverned first‑party apps in Microsoft Entra ID can be abused to...