Microsoft has allowed unprivileged users to update their own User Principal Names (UPNs) in Entra ID, sparking concerns over security and administrative oversight. To clarify, an unprivileged user can update the user principal name (UPN) for their own Entra ID account but not for others. However, it’s hard to see why any organization would intentionally […] The post Microsoft Accidently Allow Unprivileged Users to Change Their User Principal Names in Entra ID appeared first on Cyber Security News.
This change, which can be executed through the Entra admin center or tools like the Microsoft Graph PowerShell SDK…
If you’re not locking down the admin center and Graph for end users, you’re doing something incredibly wrong.
Yeah, I’m fairly certain that’s default settings or at least strongly reccomended by the docs.
