The False Sense of Security: Defense Becoming a Vulnerability
Nathan Eades
fwd:cloudsec North America 2025 · Day 2 · Track 1 - Crystal
Nathan Eades delivered a sharp critique of how **Privileged Identity Management (PIM)** and **Just-In-Time (JIT) access** in Microsoft Entra ID have created a false sense of security that often undermines the very least-privilege goals they were designed to serve. Drawing from extensive data across multiple real-world tenants, Eades demonstrated that PIM deployments frequently result in excessive noise, rubber-stamp approvals, meaningless justifications, and a dangerous loss of visibility — particularly when Microsoft's own best practice of "PIM for Groups" is followed. The talk is a wake-up call for any organization that has deployed PIM and assumed the job of privilege management was done.
AI review
Data-driven dismantling of PIM as a security control. The 50,000 justification analysis, the PIM for Groups logging bypass, and the 75% unused eligible roles stat are all the kind of hard evidence that turns assumptions into action items. This is the talk that should make every Entra shop audit their PIM deployment tomorrow morning.