The article explains how to secure Entra Agent ID by restricting blueprint-related permissions, reducing risky secrets, and reviewing third-party blueprints to limit the blast radius of a compromise. It also covers how to detect suspicious agent activity and how to disable or delete compromised agent identities and blueprints in Entra ID. #EntraID #AgentID #DatadogCloudSIEM #MicrosoftGraph
Keypoints
- Security teams should limit agent-related roles and permissions that could allow blueprint takeover.
- Agents created from third-party blueprints should be reviewed carefully because compromise of the publishing tenant can affect consuming tenants.
- High-risk permissions such as Agent ID Administrator and Microsoft Graph blueprint credential update permissions should be tightly restricted.
- Blueprints should avoid using secrets for privileged authentication; certificates or federated identity credentials are preferred.
- Entra admin center can be used to review agent blueprints, agent identities, permissions, and associated agent user accounts.
- Suspicious activity can be detected by monitoring for new credentials added to blueprints and by using Entra ID Protection for agents when available.
- Compromised agents can be disabled in Entra admin center, while deletion currently requires Microsoft Graph API.
MITRE Techniques
- [T1098 ] Account Manipulation – An attacker can add or change blueprint credentials to take over identities and escalate access (‘adding a credential to a blueprint to take over the blueprint’s agents’).
- [T1556 ] Modify Authentication Process – The article notes that blueprint authentication can be altered through secrets, certificates, or FICs, and highlights credential changes that enable takeover (‘update blueprint credentials’).
- [T1078 ] Valid Accounts – Compromised agent identities and agent users can be abused with legitimate permissions after takeover (‘takeover of any identity associated with a blueprint’).
- [T1068 ] Exploitation for Privilege Escalation – Over-privileged agent assignments can be used to gain higher access after a compromise (‘these permissions can allow an attacker to escalate privileges after a blueprint compromise’).
- [T1528 ] Steal Application Access Token – The article discusses secrets and credentials used to authenticate blueprints, which if exposed can be used to impersonate the blueprint (‘a secret is easily exposed in code or placed in configuration and environment variables’).
- [T1136 ] Create Account – A new credential can effectively create persistent access for a blueprint or agent identity (‘adding a credential to a blueprint’).
Indicators of Compromise
- [Log Event ] Blueprint credential addition detection – Service: Core Directory; Category: ApplicationManagement; Activity: Update application – Certificates and secrets management
- [Sign-in Log Fields ] Identifying third-party blueprints using secrets – Category: ServicePrincipalSignInLogs; clientCredentialType: clientSecret; agent.agentType: agentIdentityBlueprintPrincipal
- [Entra UI Path ] Reviewing blueprint secrets – Entra ID → Agents → Agent blueprints → [Blueprint Name] → Credentials → Client secrets
- [Entra UI Path ] Reviewing agent permissions – Entra ID → Agents → Agent blueprints / Agent identities → Access → Granted permissions
- [Microsoft Graph Permission ] High-risk takeover capability – AgentIdentityBlueprint.AddRemoveCreds.All, AgentIdentityBlueprint.ReadWrite.All
- [Microsoft Graph Permission Prefix ] Potentially privileged agent permissions – UserAuthMethod-* and other Tier 0 permissions
Read more: https://securitylabs.datadoghq.com/articles/agent-id-protect-detect-respond/