Product
Attackers may modify Entra ID Privileged Identity Management (PIM) roles to persist in the environment and weaken security controls, potentially leading to privilege escalation and unauthorized access.