Entra ID Actor Token: Risk, Impact, and Immediate Mitigations

A critical flaw in Microsoft Entra ID’s Actor tokens exposed tenants worldwide to silent Global Admin compromise. Our blog explains how the vulnerability worked, its risks, and the key mitigations organizations need to adopt.

September 19, 2025


In the expanding universe of cloud identity management, Microsoft’s Entra ID (formerly Azure Active Directory) stands as a cornerstone of secure access across millions of organizations. Yet, as powerful as these tools are, they are not without their blind spots. Recently, a critical vulnerability was uncovered involving “Actor tokens” — undocumented impersonation tokens used internally by Microsoft — which allowed an attacker to obtain Global Admin privileges across any Entra ID tenant worldwide.

This vulnerability touches on the fundamental balance of cybersecurity: how a seemingly small flaw in legacy design can expose vast attack surfaces, and why layered defense and rapid patching are crucial to containing such risks.

What Went Wrong: Actor Tokens and API Validation Flaws

Microsoft designed Actor tokens for backend service-to-service (S2S) communication. A service such as Exchange Online obtains an Actor token, wraps it in an impersonation token that names the tenant and the user it wants to act as, and presents that bundle to another Microsoft service such as SharePoint or the Azure AD Graph API. Actor tokens are valid for 24 hours and carry minimal security controls:

  • They bypass Conditional Access policies, so no tenant-specific policy can limit their scope.
  • Their issuance and use generate no sign-in logs in the target tenant. Read operations leave no trace at all; changes made with an impersonated identity appear in the audit log attributed to that user, indistinguishable from the user's own activity.
  • The outer impersonation token that carries the tenant and user identity is unsigned; only the embedded Actor token carries Microsoft's signature. Whoever holds an Actor token can therefore rewrite the tenant and user claims around it.
  • They cannot be revoked before they expire.

The critical flaw was in how the legacy Azure AD Graph API validated these tokens. It verified Microsoft's signature on the embedded Actor token, but it did not check that the tenant named in the unsigned outer token was the tenant the Actor token had been issued for. Microsoft Graph performs that check and logs the request; Azure AD Graph did neither. An attacker who obtained an Actor token for their own tenant could rewrite the outer token to name any other tenant and any user in it, including a Global Admin, and Azure AD Graph would accept it, granting full administrative control.
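The following is an added example, not code from this post or from Microsoft, that models the validation gap just described. The inner Actor token is signed with an HMAC as a stand-in for Microsoft's signing key, the claim names (`tid`, `nameid`, `actortoken`) and the tenant and application IDs are illustrative assumptions, and the two validators contrast the legacy behaviour (trust the outer tenant claim) with the hardened one (the outer tenant must match the tenant the Actor token was issued for).

```python
"""Model of the Azure AD Graph Actor token validation flaw (added example).

An impersonation request nests a signed Actor token inside an unsigned outer
JWT that names the tenant and user (by netId) to act as. The legacy validator
verifies only the inner signature; the fixed one also binds the outer tenant
to the tenant the Actor token was issued for. Keys, claim names and IDs below
are stand-ins, not Microsoft's real format.
"""
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"stand-in-for-microsoft-signing-key"  # assumption: HMAC instead of Microsoft's RSA key
ATTACKER_TENANT = "a1111111-1111-1111-1111-111111111111"  # constructed tenant IDs
VICTIM_TENANT = "b2222222-2222-2222-2222-222222222222"
SERVICE_APP_ID = "c3333333-3333-3333-3333-333333333333"   # placeholder for a first-party service app


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(header, claims, key):
    """Compact JWT; key=None produces an unsigned (alg none) token with an empty signature."""
    head = _b64url(json.dumps(header, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = head + "." + body
    if key is None:
        return signing_input + "."
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def make_actor_token(issuing_tenant, service_app_id, lifetime=24 * 3600):
    """Signed token issued to a service in one tenant: 24h lifetime, no revocation."""
    claims = {"tid": issuing_tenant, "appid": service_app_id, "exp": int(time.time()) + lifetime}
    return encode_jwt({"alg": "HS256", "typ": "JWT"}, claims, SIGNING_KEY)


def make_impersonation_token(actor_token, target_tenant, net_id):
    """Unsigned wrapper naming whom to act as; nothing prevents the holder rewriting it."""
    claims = {"tid": target_tenant, "nameid": net_id, "actortoken": actor_token}
    return encode_jwt({"alg": "none", "typ": "JWT"}, claims, None)


def _verify_actor_token(actor_token):
    head, body, sig = actor_token.split(".")
    expected = hmac.new(SIGNING_KEY, (head + "." + body).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("actor token signature invalid")
    claims = json.loads(_b64url_decode(body))
    if claims["exp"] < time.time():
        raise ValueError("actor token expired")
    return claims


def _outer_claims(token):
    _, body, _ = token.split(".")
    return json.loads(_b64url_decode(body))


def validate_legacy(token):
    """Azure AD Graph before the fix: checks the inner signature, trusts the outer tenant."""
    outer = _outer_claims(token)
    _verify_actor_token(outer["actortoken"])
    return outer["tid"], outer["nameid"]


def validate_fixed(token):
    """After the fix: the outer tenant must be the tenant the Actor token was issued for."""
    outer = _outer_claims(token)
    inner = _verify_actor_token(outer["actortoken"])
    if outer["tid"] != inner["tid"]:
        raise ValueError("actor token was not issued for tenant " + outer["tid"])
    return outer["tid"], outer["nameid"]


def demo():
    """One Actor token from the attacker's tenant, wrapped for home use and for a victim tenant."""
    actor = make_actor_token(ATTACKER_TENANT, SERVICE_APP_ID)
    legit = make_impersonation_token(actor, ATTACKER_TENANT, "netid-0001")
    forged = make_impersonation_token(actor, VICTIM_TENANT, "netid-global-admin")
    results = {
        "legacy_legit": validate_legacy(legit),
        "legacy_forged": validate_legacy(forged),  # accepted: this is the bug
        "fixed_legit": validate_fixed(legit),
    }
    try:
        validate_fixed(forged)
        results["fixed_forged"] = "accepted"
    except ValueError as err:
        results["fixed_forged"] = "rejected: " + str(err)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

The point to take from the model is that signature verification alone proves nothing about the unsigned claims wrapped around a signed token: every claim the relying party acts on must either be inside the signed envelope or be cross-checked against it, and Conditional Access and revocation never enter the picture because the wrapper is evaluated by the resource, not by the token issuer.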

Why Is This Bad? The Real-World Risks

Global Admin in Entra ID is the “keys to the kingdom.” Anyone with this privilege can:

  • Modify user accounts, including creating or elevating new Global Admins.
  • Access sensitive tenant configurations, Conditional Access policies, and device information.
  • Control Microsoft 365 services including Exchange, SharePoint, and Teams.
  • Manage Azure resources and subscriptions tied to the tenant.

The scale of impact means every Entra ID tenant on the public cloud was potentially vulnerable. With the ability to impersonate users silently, threat actors could perform reconnaissance, data exfiltration, or persistent compromise without triggering alerts.

Moreover, B2B guest relationships widen the blast radius. Guest accounts are identities that one tenant has admitted from another, so an attacker who could impersonate users in a partner tenant could use those guest accounts as pivots into every tenant that trusts them, and a single compromise could spread across many organizations.

Challenges in Detection and Mitigation

This vulnerability highlighted several limitations often faced in large-scale cloud identity platforms:

  1. Invisible Attack Surface: Because issuing and using Actor tokens generated no logs in the victim tenant, attackers could move undetected for extended periods. Unlike normal user token usage, this flaw broke the fundamental principle of auditability.
  2. Legacy Technology Constraints: The fault arose in the older Azure AD Graph API, which Microsoft has long deprecated but still remains in use. Legacy APIs often lack modern security measures found in newer platforms, creating systemic risks.
  3. Token Design Flaws: The impersonation wrapper around an Actor token is unsigned, and the Actor token itself cannot be revoked before its 24-hour expiry and is not subject to Conditional Access. Such design decisions, while perhaps expedient initially, can undermine tenant security at scale.
  4. Brute Force Feasibility: Azure AD Graph identified the impersonated user by a netId rather than a random object ID. Because netIds are assigned predictably, an attacker could enumerate them to locate the account to impersonate, a low-noise and effective method.

Microsoft’s Response and the Path Forward

Upon responsible disclosure by the researcher Dirk-jan Mollema, Microsoft took decisive steps:

  • A patch deployed within days so that Azure AD Graph rejects Actor tokens presented for a tenant other than the one they were issued for.
  • Issuance of CVE-2025-55241, publicly acknowledging the vulnerability.
  • Additional mitigations preventing service principals from requesting Actor tokens.
  • Gradual sunset of legacy Azure AD Graph API in favor of Microsoft Graph API with improved security and telemetry.

This swift response underscores the importance of coordinated vulnerability disclosure and maintaining proactive cloud service monitoring.

What Can Organizations Do?

While Microsoft has addressed the core vulnerability, the incident highlights systemic lessons for organizations and security teams:

  • Minimize Legacy API Exposure: Evaluate and limit use of deprecated APIs lacking robust security controls.
  • Audit B2B Relationships: Guest user access across tenants magnifies the blast radius of a compromise — conduct regular reviews and apply the principle of least privilege.
  • Implement Layered Monitoring: Because Actor token use produced no sign-in events, do not rely on sign-in logs alone. Baseline privileged actions in the audit log and alert on sensitive changes (new Global Admins, edited Conditional Access policies, credentials added to applications) that have no corresponding sign-in for the initiating user, and pair identity telemetry with endpoint detection.
  • Stay Informed and Patch Quickly: Cloud identity platforms evolve rapidly; keep pace with security bulletins from cloud providers and test patches promptly.
  • Educate Admins About Token Risks: Understanding the nature of tokens and authentication mechanisms is critical, so administrators know which behaviors and anomalies to look out for.
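The two checks below are an added example, not code from this post or from Microsoft, that runs the "minimize legacy API exposure" and "layered monitoring" advice over constructed log records. The first lists applications still requesting tokens for Azure AD Graph, which is the well-known application ID 00000002-0000-0000-c000-000000000000 (Microsoft Graph is 00000003-0000-0000-c000-000000000000); the second flags sensitive audit events whose initiator has no sign-in in the preceding window, the shape an impersonated identity leaves behind. The record fields (`resourceId`, `initiator`, `activity`, and so on) are simplified stand-ins for the exported Entra sign-in and audit log schema, and the sample records are constructed.

```python
"""Detection checks over constructed Entra log records (added example).

1. legacy_graph_callers: which apps still obtain tokens for Azure AD Graph?
2. unbacked_privileged_changes: which sensitive audit events have no sign-in
   by the same user shortly before them?

Field names are simplified assumptions about the exported log schema; the
records are constructed and do not come from any real tenant.
"""
from datetime import datetime, timedelta

AZURE_AD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"
MICROSOFT_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"

# Audit activities worth correlating with a sign-in (illustrative selection).
SENSITIVE_ACTIONS = {
    "Add member to role",
    "Update conditional access policy",
    "Add service principal credentials",
}

# Constructed sign-in records: who obtained a token, through which app, for which resource.
SIGNINS = [
    {"time": "2025-09-19T08:00:00+00:00", "user": "alice@contoso.example",
     "appId": "11111111-1111-1111-1111-111111111111", "appDisplayName": "HR Sync",
     "resourceId": AZURE_AD_GRAPH_APP_ID},
    {"time": "2025-09-19T08:05:00+00:00", "user": "bob@contoso.example",
     "appId": "22222222-2222-2222-2222-222222222222", "appDisplayName": "Reporting",
     "resourceId": MICROSOFT_GRAPH_APP_ID},
    {"time": "2025-09-19T09:00:00+00:00", "user": "alice@contoso.example",
     "appId": "33333333-3333-3333-3333-333333333333", "appDisplayName": "Admin Portal",
     "resourceId": MICROSOFT_GRAPH_APP_ID},
]

# Constructed audit records. Carol never signed in, yet a credential was added under
# her name: this is what an impersonated identity looks like in the audit log.
AUDITS = [
    {"time": "2025-09-19T09:10:00+00:00", "initiator": "alice@contoso.example",
     "activity": "Add member to role", "target": "Global Administrator"},
    {"time": "2025-09-19T09:30:00+00:00", "initiator": "carol@contoso.example",
     "activity": "Add service principal credentials", "target": "HR Sync"},
    {"time": "2025-09-19T09:45:00+00:00", "initiator": "bob@contoso.example",
     "activity": "Update user", "target": "dave@contoso.example"},
]


def parse_time(value):
    return datetime.fromisoformat(value)


def legacy_graph_callers(signins):
    """Map appId -> display name for every app seen requesting an Azure AD Graph token."""
    callers = {}
    for record in signins:
        if record["resourceId"] == AZURE_AD_GRAPH_APP_ID:
            callers[record["appId"]] = record["appDisplayName"]
    return callers


def unbacked_privileged_changes(audits, signins, window=timedelta(hours=2)):
    """Sensitive audit events whose initiator has no sign-in within `window` before the event."""
    signin_times = {}
    for record in signins:
        signin_times.setdefault(record["user"], []).append(parse_time(record["time"]))
    flagged = []
    for event in audits:
        if event["activity"] not in SENSITIVE_ACTIONS:
            continue
        when = parse_time(event["time"])
        backed = any(when - window <= t <= when for t in signin_times.get(event["initiator"], []))
        if not backed:
            flagged.append(event)
    return flagged


if __name__ == "__main__":
    for app_id, name in legacy_graph_callers(SIGNINS).items():
        print("still using Azure AD Graph:", name, app_id)
    for event in unbacked_privileged_changes(AUDITS, SIGNINS):
        print("privileged change without sign-in:", event["initiator"], event["activity"])
```

Against real data the second check needs the non-interactive and service-principal sign-in streams as well as interactive sign-ins, and a window tuned to the tenant's token lifetimes, otherwise legitimate long-lived sessions will be flagged; the first check is the same query Microsoft's Azure AD Graph retirement guidance asks tenants to run against their sign-in logs, filtered on the resource ID.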

Balancing Innovation and Security in Cloud Identity

This vulnerability demonstrates an endemic challenge in cybersecurity: legacy design choices and convenient, powerful features in complex cloud ecosystems may introduce unanticipated risks. Actor tokens were never intended for external use, but their incomplete security design meant a critical weakness once misused.

The good news is that no evidence of abuse was found before the patch, which shows that researchers and vendors working together can secure even the most complex environments. It is also a reminder that behind every new cloud convenience lies a need for vigilance, layered protections, and readiness to mitigate emerging threats.

Much as Drive.ai lets real-world limitations guide its AI design, cybersecurity professionals must accept that no system is perfect, not even Entra ID. Focus instead on risk management, rapid response, and ongoing improvement, so that your organization stays resilient in an ever-changing threat landscape.


Tachyon Security BV, Veenland 29, 2291NS Wateringen, The Netherlands | 12620 FM 1960 Rd W, Ste A4, Houston, Texas 77065, USA