Pulse of Truth

1598 readers

4 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth

Microsoft Accidently Allow Unprivileged Users to Change Their User Principal Names in Entra ID (cybersecuritynews.com)

submitted 7 months ago by lemmydev2 to c/pulse_of_truth

2 comments fedilink hide all child comments

Microsoft has allowed unprivileged users to update their own User Principal Names (UPNs) in Entra ID, sparking concerns over security and administrative oversight. To clarify, an unprivileged user can update the user principal name (UPN) for their own Entra ID account but not for others. However, it’s hard to see why any organization would intentionally […] The post Microsoft Accidently Allow Unprivileged Users to Change Their User Principal Names in Entra ID appeared first on Cyber Security News.

top 2 comments

sorted by: hot top controversial new old

[–] Kit@lemmy.blahaj.zone 3 points 7 months ago (1 children)

This change, which can be executed through the Entra admin center or tools like the Microsoft Graph PowerShell SDK...

If you're not locking down the admin center and Graph for end users, you're doing something incredibly wrong.

[–] wizardbeard@lemmy.dbzer0.com 1 points 7 months ago

Yeah, I'm fairly certain that's default settings or at least strongly reccomended by the docs.