Protect your multi-tenant applications from being hijacked by admins in the customer tenant
In this article, we demonstrate a somewhat convoluted method used by bad actors to obtain persistence and execute operations in the context of Entra ID multi-tenant applications, as well as the steps Microsoft is taking to address the issue. As the solution only covers part of the story, a follow-up article and a PowerShell script will be needed to address it. …