Microsoft corrected a potentially catastrophic identity flaw in Entra ID that could have allowed cross‑tenant impersonation of any user — including Global Administrators — by abusing undocumented internal tokens and a validation gap in a legacy API; the publicly tracked identifier for this issue...