The “Directory Synchronization Accounts” Entra role is very powerful: it allows privilege escalation to the Global Administrator role. It is also hidden in the Azure portal and the Entra admin center, and it is poorly documented, which makes it a perfect stealthy backdoor for persistence in Entra ID 🙈
➡️ Find this article on Tenable’s TechBlog: Stealthy Persistence with “Directory Synchronization Accounts” Role in Entra ID
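
Since the role does not show up in the portal, its holders can be enumerated through Microsoft Graph role assignments instead. The added example below (not from the original post or from Tenable) audits such a response against an allowlist of known sync accounts; the sample principals, the allowlist and the `Sync_` naming heuristic are assumptions made for illustration.

```python
import re

# Template ID of the built-in "Directory Synchronization Accounts" role.
SYNC_ROLE_ID = "d29b2b05-8046-44ba-8758-1e26182fcf32"
# Naming convention of the account Entra Connect creates (heuristic, assumption).
SYNC_UPN = re.compile(r"^Sync_[^@]+_[0-9a-f]+@", re.IGNORECASE)

def audit_sync_role(assignments, allowlist):
    """Return one finding per holder of the role that is not on the allowlist.

    `assignments` is the `value` array of
    GET /roleManagement/directory/roleAssignments?$expand=principal
    """
    findings = []
    for a in assignments:
        if a.get("roleDefinitionId") != SYNC_ROLE_ID:
            continue
        principal = a.get("principal") or {}
        pid = a.get("principalId") or principal.get("id")
        if pid in allowlist:
            continue
        kind = principal.get("@odata.type", "").rsplit(".", 1)[-1] or "unknown"
        upn = principal.get("userPrincipalName") or ""
        # A sync-looking name is not proof of legitimacy, so it still gets reviewed.
        severity = "review" if kind == "user" and SYNC_UPN.match(upn) else "high"
        findings.append({"principalId": pid, "type": kind, "severity": severity,
                         "name": upn or principal.get("displayName", "")})
    return findings

def _row(role, pid, otype, **names):
    return {"roleDefinitionId": role, "principalId": pid,
            "principal": {"@odata.type": "#microsoft.graph." + otype, **names}}

# Constructed sample response; every ID and name below is made up.
SAMPLE = [
    _row(SYNC_ROLE_ID, "11111111-1111-1111-1111-111111111111", "user",
         userPrincipalName="Sync_DC01_0a1b2c3d4e5f@contoso.onmicrosoft.com"),
    _row(SYNC_ROLE_ID, "22222222-2222-2222-2222-222222222222", "user",
         userPrincipalName="helpdesk.temp@contoso.onmicrosoft.com"),
    _row(SYNC_ROLE_ID, "33333333-3333-3333-3333-333333333333",
         "servicePrincipal", displayName="reporting-app"),
    _row(SYNC_ROLE_ID, "44444444-4444-4444-4444-444444444444", "user",
         userPrincipalName="Sync_OLD_deadbeef@contoso.onmicrosoft.com"),
    _row("00000000-0000-0000-0000-000000000000",  # some other role, ignored
         "55555555-5555-5555-5555-555555555555", "user",
         userPrincipalName="admin@contoso.onmicrosoft.com"),
]
KNOWN_SYNC_ACCOUNTS = {"11111111-1111-1111-1111-111111111111"}

if __name__ == "__main__":
    for f in audit_sync_role(SAMPLE, KNOWN_SYNC_ACCOUNTS):
        print(f["severity"], f["type"], f["name"], f["principalId"])
```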