This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
Josh Lemon
joshlemon.bsky.social
did:plc:4io6hn6pccxdum3zwaaudmsy
"I SPy" Entra ID Global Admin Escalation Technique
Datadog's Security Labs identified an abuse of Office 365 Exchange Online service principal (SP) allowing escalation to Global Admin. MSRC considers it "expected misconfiguration" so don't expect a fix.
🔗 https://securitylabs.datadoghq.com/articles/i-spy-escalating-to-entra-id-global-admin/
2025-07-19T04:18:50.442Z