A mis-scoped Agent ID Administrator role in Entra ID allowed users to take ownership of unrelated service principals, enabling potential privilege escalation and tenant-wide impact. An administrative ...