
Investigating Suspicious AI Workflows in Microsoft Entra Age...#297

Open
carlospolop wants to merge 1 commit into
master from update_Investigating_Suspicious_AI_Workflows_in_Microsoft_20260527_153712

Conversation

@carlospolop
Collaborator

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

  • Blog URL: https://redcanary.com/blog/threat-detection/entra-id-ai-workflows/
  • Blog Title: Investigating Suspicious AI Workflows in Microsoft Entra Agent ID: Autonomous Agents
  • Suggested Section: Azure Pentesting -> Az - Privilege Escalation -> Az - EntraID Privesc, with cross-links from Az - Persistence and Az - Services -> Az - Entra ID (AzureAD) & Azure IAM. A new subsection/page could be named 'Az - Entra Agent ID Blueprint Credential Abuse / AgentIdentityBlueprint.AddRemoveCreds.All'.

🎯 Content Summary

Red Canary analyzes a Microsoft Entra Agent ID autonomous-agent abuse scenario where an agent identity escalates impact and establishes persistence by adding a client secret to an Agent Identity Blueprint. This is not presented as a CVE; the core issue is a dangerous identity-permission assignment in Microsoft Entra Agent ID, specifically abuse of AgentIdentityBlueprint.AddRemoveCreds.All, combined with the Entra Agent ID OAuth/token-exchange model.


How Micro...

🔧 Technical Details

Agent blueprint credential persistence: in Microsoft Entra Agent ID, authentication credentials are attached to the agent identity blueprint/blueprint principal path. If an attacker controls an identity with AgentIdentityBlueprint.AddRemoveCreds.All, compromises a managing owner, or steals existing blueprint credentials, they can add a new password credential to a blueprint using Microsoft Graph microsoft.graph.addPassword. That newly created PasswordCredential/KeyIdentifier becomes durable authentication material that can later be used to authenticate as the blueprint principal.


Cross-blueprint privilege escalation: agent identities are expected to operate within the scope of their parent blueprint principal. If an agent identity belonging to a lower-trust blueprint, such as a development blueprint, can modify credentials on a higher-trust production blueprint, the attacker has crossed the intended bluepri...

🤖 Agent Actions

Done.

Updated:

  • src/pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/README.md

Added:

  • New subsection on Entra Agent ID blueprint credential abuse via AgentIdentityBlueprint.AddRemoveCreds.All
  • Attack flow for:
    • adding a blueprint secret with Graph
    • abusing fmi_path token exchange to impersonate child agent identities
    • cross-blueprint privesc/persistence
  • Quick validation commands
  • Hunting notes and KQL
  • ## References section with the Red Canary post and Microsoft Learn docs

Validation:

  • Checked the final diff
  • Fixed internal relative links
  • Confirmed banner remains last line
  • mdbook build could not be run here because mdbook is not installed (mdbook: command not found)

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.
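Added example (not part of the PR, the HackTricks repository, or the Red Canary post): a small hunting script that runs over constructed audit events and flags the persistence and cross-blueprint cases the Technical Details describe, i.e. a password credential being added to an Agent Identity Blueprint, and in particular an agent identity from one blueprint adding a credential to a different blueprint. The event layout (`operation`, `initiatedBy`, `targetResources`, `parentBlueprintId`, `credentialKeyId`), the sample values and the `EXPECTED_ROTATORS` allowlist are assumptions made for this example, not the real Microsoft Entra audit-log schema; map them to the real field names before using the logic in KQL or a SIEM.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample audit events (newline-delimited JSON). The field layout is an
# ASSUMPTION for this example and is not the real Microsoft Entra audit-log schema.
SAMPLE_AUDIT_LOG = """
{"id": "evt-1", "activityDateTime": "2026-05-27T10:01:00Z", "operation": "Add password", "initiatedBy": {"type": "agentIdentity", "id": "agent-dev-001", "parentBlueprintId": "bp-dev"}, "targetResources": [{"type": "agentIdentityBlueprint", "id": "bp-prod", "credentialKeyId": "key-aaaa-0001"}]}
{"id": "evt-2", "activityDateTime": "2026-05-27T10:05:00Z", "operation": "Add password", "initiatedBy": {"type": "user", "id": "someone@contoso.example", "parentBlueprintId": null}, "targetResources": [{"type": "agentIdentityBlueprint", "id": "bp-dev", "credentialKeyId": "key-aaaa-0002"}]}
{"id": "evt-3", "activityDateTime": "2026-05-27T10:09:00Z", "operation": "Add password", "initiatedBy": {"type": "agentIdentity", "id": "agent-prod-007", "parentBlueprintId": "bp-prod"}, "targetResources": [{"type": "agentIdentityBlueprint", "id": "bp-prod", "credentialKeyId": "key-aaaa-0003"}]}
{"id": "evt-4", "activityDateTime": "2026-05-27T10:12:00Z", "operation": "Update agent", "initiatedBy": {"type": "user", "id": "someone@contoso.example"}, "targetResources": [{"type": "agentIdentity", "id": "agent-dev-001"}]}
{"id": "evt-5", "activityDateTime": "2026-05-27T10:20:00Z", "operation": "Add password", "initiatedBy": {"type": "servicePrincipal", "id": "sp-cicd-rotator"}, "targetResources": [{"type": "agentIdentityBlueprint", "id": "bp-prod", "credentialKeyId": "key-aaaa-0004"}]}
"""

# Constructed allowlist: the only principals expected to rotate blueprint credentials.
EXPECTED_ROTATORS = {"sp-cicd-rotator"}

# Operation names that mint durable credentials on a blueprint (assumed spellings).
CREDENTIAL_ADD_OPS = {"Add password", "addPassword", "Add key", "addKey"}


@dataclass
class Finding:
    event_id: str
    reason: str
    severity: str
    actor: str
    target_blueprint: str
    credential_key_id: Optional[str]  # the keyId responders would revoke via removePassword


def parse_audit_log(raw: str) -> list:
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]


def blueprint_target(evt: dict) -> Optional[dict]:
    """Return the agentIdentityBlueprint target of an event, if any."""
    for target in evt.get("targetResources", []):
        if target.get("type") == "agentIdentityBlueprint":
            return target
    return None


def classify(evt: dict) -> Optional[Finding]:
    """Decide whether a single event is a blueprint-credential finding."""
    if evt.get("operation") not in CREDENTIAL_ADD_OPS:
        return None
    target = blueprint_target(evt)
    if target is None:
        return None  # credential added elsewhere; out of scope for this hunt
    actor = evt.get("initiatedBy", {})
    actor_id = actor.get("id", "<unknown>")
    key_id = target.get("credentialKeyId")
    if actor_id in EXPECTED_ROTATORS:
        return None  # sanctioned rotation, suppress
    if actor.get("type") == "agentIdentity":
        # Agent identities should operate within their parent blueprint; writing a
        # credential onto a different blueprint crosses that boundary.
        if actor.get("parentBlueprintId") != target["id"]:
            return Finding(evt["id"], "cross_blueprint_credential_add", "high",
                           actor_id, target["id"], key_id)
        # Even on its own blueprint, an agent minting a credential is persistence.
        return Finding(evt["id"], "agent_added_credential_to_own_blueprint", "high",
                       actor_id, target["id"], key_id)
    # Any other non-allowlisted principal adding a blueprint credential needs review.
    return Finding(evt["id"], "unexpected_blueprint_credential_add", "medium",
                   actor_id, target["id"], key_id)


def hunt(raw: str) -> list:
    """Run classify() over a raw log and return findings in event order."""
    return [f for f in (classify(e) for e in parse_audit_log(raw)) if f is not None]


if __name__ == "__main__":
    for f in hunt(SAMPLE_AUDIT_LOG):
        print(f"[{f.severity}] {f.event_id}: {f.reason} actor={f.actor} "
              f"blueprint={f.target_blueprint} keyId={f.credential_key_id}")
```

The finding carries the credential's key id so a responder can go straight to revoking that specific credential rather than rotating everything; the allowlist keeps a sanctioned rotation pipeline from generating noise, and should be kept as short as the environment allows.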

@carlospolop
Collaborator Author

🔗 Additional Context

Original Blog Post: https://redcanary.com/blog/threat-detection/entra-id-ai-workflows/

Content Categories: Based on the analysis, this content was categorized under "Azure Pentesting -> Az - Privilege Escalation -> Az - EntraID Privesc, with cross-links from Az - Persistence and Az - Services -> Az - Entra ID (AzureAD) & Azure IAM. A new subsection/page could be named 'Az - Entra Agent ID Blueprint Credential Abuse / AgentIdentityBlueprint.AddRemoveCreds.All'.".

Repository Maintenance:

  • MD Files Formatting: 585 files processed

Review Notes:

  • This content was automatically processed and may require human review for accuracy
  • Check that the placement within the repository structure is appropriate
  • Verify that all technical details are correct and up-to-date
  • All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0
