Microsoft Entra ID Analyzer Added for Azure

Panoptica now analyzes your Microsoft Entra ID data in Azure, just like it already does for AWS, GCP, and OCI. Collecting the Entra ID principals (formerly Active Directory) in your Azure account enables Panoptica to analyze the effective permissions – on both the subscription level and the management group level – and identify risks involving overly permissive access.

This new CIEM capability can help you find non-admin users holding admin permissions as well as various elevated permissions granted to a wider scope than intended. Such risks can lead to privilege escalation and lateral movement in your Azure environment.

Our research team added dozens of new risk definitions to the catalog of Supported Services and Risks, which are used in the following two Attack Paths:

  • Administrator access compromised
  • Privilege escalation