Entra’s entitlement management and access packages offer powerful ways to orchestrate permissions—but they also introduce new privilege escalation and persistence risks that many programs haven’t fully explored. This discussion takes a deep dive into how attackers can abuse entitlement management, and what defenders must understand to secure it.

We’ll start with a clear overview of how access packages are structured and used, then pivot into practical escalation paths involving dynamic filters, identity governance roles, automatic approvals, and maliciously crafted packages and policies. We’ll close with detection, monitoring, and remediation guidance designed to shrink the entitlement management attack surface without losing its operational benefits. If you’re adopting access packages alongside PIM, this session will help you do it safely.