u/GonzoZH

r/entra

Entra Agent ID - Blueprint Principal with roles

Hi,

Last week I took a deeper look at Agent Identities, mainly from a security perspective. There are quite a few interesting aspects, such as cross-tenant agents and inheritable delegated/application API permissions.

One thing I am still unsure about is the effect of role assignments (Entra ID Roles / Azure Roles) on the Blueprint Principal. Do they actually have any practical effect? If yes, how could they be abused?

In my testing, when using the client credential flow to authenticate as the Blueprint Principal, the resulting token only contains the scopes AgentIdUser.ReadWrite.IdentityParentedBy and AgentIdentity.CreateAsManager, regardless of which API permissions were consented on the Blueprint Principal. I even tested this with a large number of Microsoft Graph permissions (578).

For other APIs, such as Azure ARM, the Blueprint Principal does not seem to be allowed to authenticate at all:

```
$tokens = Invoke-ClientCredential -TenantId "925c2cd8-xxxx-xxxx-xxxx-1257ffd75334" -ClientId "92d0854a-xxxx-xxxx-xxxx-6cea896c7de2" -ClientSecret "...." -Api "management.azure.com"
[*] Starting Client Credential flow: API management.azure.com / Client id: 92d0854a-xxxx-xxxx-xxxx-6cea896c7de2 / Auth: ClientSecret
[!] Aborting....
[!] Error: unauthorized_client
[!] Error Description: AADSTS82001: Agentic application '92d0854a-xxxx-xxxx-xxxx-6cea896c7de2' is not permitted to request app-only tokens for resource '797f4846-ba00-4fd7-ba43-dac1f8f63013'.
```

Therefore, Azure role assignments also do not appear to be abusable.

So, at the moment, it looks to me like roles assigned to Blueprint Principals are not directly abusable.

Is that understanding correct, or am I missing something?

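An added example (not from the post, and not Microsoft's tooling) for checking the observation above in a repeatable way: request an app-only token with the client credential flow, then decode the JWT payload and list its `roles`/`scp` claims against the two Blueprint permissions the post reports, so any consented permission that did surface in the token shows up as "extra". The v2 token endpoint URL and the `https://<resource>/.default` scope form are assumptions; the sample token at the bottom is constructed and unsigned for offline use.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

# Permissions the post reports in a Blueprint Principal app-only token,
# regardless of which API permissions were consented on it.
BLUEPRINT_EXPECTED = {
    "AgentIdUser.ReadWrite.IdentityParentedBy",
    "AgentIdentity.CreateAsManager",
}

def request_app_only_token(tenant_id, client_id, client_secret, resource):
    """Client credential flow (v2 endpoint, assumed). Returns the parsed JSON
    body; an AADSTS error such as AADSTS82001 (Blueprint Principal asking for
    an ARM token, as in the post) comes back as 'error'/'error_description'."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": f"https://{resource}/.default",
    }).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)

def decode_claims(jwt):
    """Decode a JWT payload without verifying the signature (inspection only)."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def effective_permissions(claims):
    """App-only tokens carry app roles in 'roles'; delegated tokens carry a
    space-separated 'scp'. Return the union so either token shape is covered."""
    return set(claims.get("roles", [])) | set(claims.get("scp", "").split())

def audit_blueprint_token(jwt):
    """List the token's permissions and anything beyond the two Blueprint ones."""
    perms = effective_permissions(decode_claims(jwt))
    return {"permissions": sorted(perms), "extra": sorted(perms - BLUEPRINT_EXPECTED)}

def make_unsigned_jwt(claims):
    """Constructed, unsigned JWT for offline demonstration; not a real token."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."

# Constructed sample mirroring what the post observed for a Graph token.
SAMPLE_TOKEN = make_unsigned_jwt({"aud": "https://graph.microsoft.com", "roles": sorted(BLUEPRINT_EXPECTED)})
```

Against a live tenant, pass the `access_token` from `request_app_only_token(...)` into `audit_blueprint_token`; a non-empty `extra` list would contradict the behaviour described in the post.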