A Hidden Flaw in Microsoft Entra Lets Guest Users Take Over Azure Subscriptions


A critical gap in Microsoft Entra ID can allow a guest user to gain ownership of an Azure subscription inside another organisation’s tenant. This happens due to how Microsoft separates billing permissions from directory permissions. Although this is not classified as a vulnerability by Microsoft, the impact can be severe. If exploited, a guest user can take full control of cloud resources, escalate privileges, and leave behind long-term backdoors.

This flaw can be triggered easily using standard configurations, without needing advanced skills or elevated permissions.

How the Exploit Works

This method, referred to by researchers as the “Restless Guests” issue, takes advantage of a weak link in permission management between Microsoft Entra ID and Azure subscription billing.

Microsoft Entra ID controls user access within a tenant. However, Azure billing is linked to billing accounts, which are not governed by the Entra directory. A user who has billing permissions in one tenant, and guest access in another, can use this combination to create a subscription in the guest tenant.

The attack follows a few basic steps:

  1. Attacker Gets Billing Access in Their Own Tenant
    The attacker needs an Azure account in their own tenant with permission to create subscriptions. This is easy to obtain, even with a free trial. Billing access allows the attacker to use their account to create new subscriptions under their control.
  2. Guest Invitation to Target Tenant
    The attacker is then invited as a guest to the target organisation’s Microsoft Entra ID tenant. By default, Entra ID allows guest invitations, and in many environments, even existing guests can invite other users. This makes it easy for the attacker to enter the target environment.
  3. Creating a Subscription in the Target Tenant
    Once inside, the guest logs into the Azure portal and starts the process of creating a new subscription. Under the advanced settings, they are allowed to select any directory they are a guest in. They select the target tenant, and the subscription gets created within that directory.
  4. Automatic Owner Role Granted
    Because the subscription was created using the attacker’s billing account, they automatically receive the “Owner” role for that subscription. This gives them full access, including the ability to manage resources, users, policies, and security settings.

What the Attacker Can Do

With ownership of the subscription, the guest attacker gains control that can be misused in several dangerous ways:

  • Privilege Escalation: The attacker can assign powerful roles such as “Owner” or “Contributor” to other users or applications, including malicious ones.
  • Persistent Access: They can create User-Managed Identities (UMIs, Azure's user-assigned managed identities). These identities are not linked to specific users, so they remain active even if the guest account is removed. UMIs can be used to perform actions under the radar.
  • Data Theft and Resource Misuse: The attacker can deploy virtual machines, databases, and storage accounts to collect data, launch internal attacks, or perform activities like cryptocurrency mining. This leads to financial losses and operational disruption.
  • Disabling Security Controls: Since the attacker owns the subscription, they can turn off or modify security alerts and policies to avoid detection.
  • Internal Reconnaissance: With access to the subscription, they can view other users, gather details, and plan deeper attacks inside the environment.

Who Is at Risk

Organisations using Microsoft Entra ID along with Azure are exposed if they use default settings for collaboration. The following conditions make an environment vulnerable:

  • Guest Invitations Are Enabled: By default, Entra ID tenants allow users to invite external guests. Many companies rely on this to collaborate with partners, but it opens the door for misuse.
  • Billing Access in the Attacker’s Tenant: The attacker must have a billing role in their own tenant. This is easy to arrange, even without a paid Azure subscription.
  • No Subscription Entry Restrictions: If the target tenant has not applied specific policies to control who can create or transfer subscriptions into the directory, the attacker can exploit the gap.

In most real-world cases, all three conditions are present, especially in environments with loosely managed guest access and minimal policy enforcement.

How to Protect Your Organisation

Although Microsoft considers this behaviour expected, it offers controls to reduce the risk. These steps should be considered essential for any organisation using Azure:

1. Restrict Subscription Entry into the Directory

Use Azure Policy to prevent unapproved subscription creation or transfer. Follow these steps:

  • Go to the Azure Policy section in the portal.
  • Create a custom policy definition that targets the setting: “subscriptions entering a Microsoft Entra ID directory”.
  • Set the policy to “Permit no one” unless explicitly required for business needs.

This ensures that only approved users or services can bring subscriptions into your tenant.

2. Apply Exceptions with Caution

If there is a need for a business unit or third party to create or transfer subscriptions, define exceptions carefully. Assign this access only to known, trusted users and review it regularly.

3. Control Guest Invitations

Modify your Entra settings to restrict who can send guest invitations. Limit this ability to specific roles or departments. Avoid allowing guests to invite others. Set up approval workflows if necessary.

4. Review Guest Access Regularly

Establish a routine process to audit all guest users in your tenant. Remove inactive or unnecessary guest accounts. For active guests, verify that their access is justified and limited to what they need.

5. Strengthen Privilege Control with PAM

While subscription policies remain the main defence against this specific risk, adding Privileged Access Management (PAM) improves overall control. Solutions like Microsoft Entra Privileged Identity Management (PIM) help restrict and monitor access to sensitive roles. If an attacker does manage to gain elevated access, PAM can limit what they can do next.

PAM provides:

  • Just-in-time (JIT) access to admin roles, reducing exposure time
  • Approval workflows before privileges are granted
  • Automatic expiry of temporary access
  • Audit logs and alerts to monitor privileged actions

This ensures high-impact roles are used only when required, under supervision. PAM does not prevent the initial takeover, but it narrows the window for further damage. It is a valuable security layer for containing privilege misuse.

How to Detect an Active Attack

Early detection is key to reducing damage. Monitor both Azure Activity Logs and Microsoft Entra ID audit logs for the following indicators:

1. Subscription Creation or Transfer by Guests
  • Event type: Microsoft.Resources/subscriptions/write (for creation) or Microsoft.Resources/subscriptions/move/action (for transfer)
  • Look for: Any event where the caller is a guest user. These actions are rare for legitimate guests and should be treated as suspicious.
2. RBAC Role Assignments by Guest Users
  • Event type: Microsoft.Authorization/roleAssignments/write
  • Look for: Guest users assigning roles such as Owner or Contributor, especially right after a new subscription is created.
3. Creation of User-Managed Identities
  • Event type: Microsoft.ManagedIdentity/userAssignedIdentities/write
  • Look for: Guest users creating UMIs. These can be used to maintain long-term access.
4. Unusual Device Registrations
  • Look for: New device registrations in Entra logs, which may appear if the attacker tries to bypass access controls from a compromised virtual machine. Focus on devices registered by guests or showing unusual locations.

Export your logs to a central monitoring system like Log Analytics or a SIEM. Use alerts to flag unusual activity. Keep logs for long periods to detect delayed or stealthy intrusions.
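The following is an added example (not code from the original article or from Microsoft) showing how the Activity Log indicators above can be turned into alert logic once the logs are exported. It assumes a simplified export record shape (time, caller, operationName, resultType, subscriptionId), identifies guests by the "#EXT#" marker in their UPN, and uses a one-hour window as its reading of "right after a new subscription is created"; the sample records are constructed.

```python
from datetime import datetime, timedelta

# Activity Log operation names from the detection section of the article.
WATCHED = {
    "Microsoft.Resources/subscriptions/write": "subscription created",
    "Microsoft.Resources/subscriptions/move/action": "subscription transferred",
    "Microsoft.Authorization/roleAssignments/write": "RBAC role assigned",
    "Microsoft.ManagedIdentity/userAssignedIdentities/write": "user-assigned identity created",
}
FOLLOW_UP_WINDOW = timedelta(hours=1)  # assumed window for the "right after" correlation

def is_guest_caller(caller: str) -> bool:
    # Assumption: B2B guest accounts carry the '#EXT#' marker in their UPN.
    return "#EXT#" in caller.upper()

def flag_guest_operations(records):
    """Alerts for watched operations a guest performed successfully; a role
    assignment or identity creation within FOLLOW_UP_WINDOW of a guest-created
    or guest-transferred subscription is rated 'high', all other hits 'medium'."""
    guest_sub_time = {}  # subscriptionId -> when a guest created/moved it
    alerts = []
    for r in sorted(records, key=lambda rec: rec["time"]):
        op, caller = r.get("operationName", ""), r.get("caller", "")
        if op not in WATCHED or not is_guest_caller(caller):
            continue
        if r.get("resultType") != "Success":  # denied attempts are not counted here
            continue
        t, sub = datetime.fromisoformat(r["time"]), r.get("subscriptionId")
        severity = "medium"
        if op.startswith("Microsoft.Resources/subscriptions/"):
            guest_sub_time[sub] = t
        elif sub in guest_sub_time and t - guest_sub_time[sub] <= FOLLOW_UP_WINDOW:
            severity = "high"
        alerts.append({"time": r["time"], "caller": caller, "subscriptionId": sub,
                       "what": WATCHED[op], "severity": severity})
    return alerts

# Constructed sample records in a simplified Activity Log export shape (not real data).
GUEST = "mallory_evil.example#EXT#@contoso.example"
SAMPLE_LOG = [
    {"time": "2024-05-01T09:50:00+00:00", "caller": "alice@contoso.example", "resultType": "Success",
     "operationName": "Microsoft.Authorization/roleAssignments/write", "subscriptionId": "sub-aaaa"},
    {"time": "2024-05-01T10:00:00+00:00", "caller": GUEST, "resultType": "Success",
     "operationName": "Microsoft.Resources/subscriptions/write", "subscriptionId": "sub-bbbb"},
    {"time": "2024-05-01T10:12:00+00:00", "caller": GUEST, "resultType": "Success",
     "operationName": "Microsoft.Authorization/roleAssignments/write", "subscriptionId": "sub-bbbb"},
    {"time": "2024-05-01T12:30:00+00:00", "caller": GUEST, "resultType": "Success",
     "operationName": "Microsoft.ManagedIdentity/userAssignedIdentities/write", "subscriptionId": "sub-bbbb"},
]
```

Running `flag_guest_operations(SAMPLE_LOG)` on the constructed records yields three alerts: the guest's subscription creation (medium), the role assignment twelve minutes later on the same subscription (high), and the identity creation two and a half hours later (medium); the member's role assignment is not flagged.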

This case highlights the risks that arise from how cloud services are interconnected. The issue is not a fault in one component, but a weakness in how permissions from one service can affect another.

Microsoft Entra ID is the identity platform for the Microsoft cloud. When a guest user can bypass its protections using billing permissions from outside, it breaks the security model. It also shows how supply chain risk can enter through normal business collaboration channels.

Cloud security must look beyond individual services. It must address how different components interact. Policy enforcement, monitoring, and access control must work together. Treat every external connection as a potential risk and limit what guests can do inside your environment.
