Many enterprises feed HR data into identity providers, making HR the true source of authority for employees. In Entra ID, pre-built integrations with platforms like Workday and SuccessFactors simplify this—but they also introduced a hidden attack path from HR to full tenant takeover.
The session walks through the research that uncovered a new privilege elevation vector in Entra ID, and how a well-crafted abuse chain could “fire” all your Global Admins, take over break-glass accounts, and bypass commonly used protections. From there, we’ll explore how AI was used to accelerate weaponization of this discovery, and how the attack can be adapted to tenants that don’t use these HR systems at all. You’ll leave with a deep understanding of the underlying integration mechanics, detection clues, and practical mitigation steps to close this class of HR-driven privilege escalation.