Script:
Securing Microsoft Intune: Why Multi-Admin Approval is Critical Following the Stryker Attack
The Stryker cyberattack was a stark reminder of how a single compromised account with Intune admin privileges can be weaponized to remotely wipe 200,000 devices. Because the platform viewed these factory resets as legitimate administrative actions, security tools did not flag the destruction.
To prevent your management infrastructure from being turned against you, implement these three Microsoft best practices today:
> Enable Multi-Admin Approval (MAA): This is your most critical safeguard. It requires a second authorized administrator to review and approve high-impact actions—such as device wipes, script deployments, and RBAC changes—before they execute. With MAA, one set of stolen credentials is no longer enough to cripple your entire fleet.
> Mandate Phishing-Resistant MFA: Standard MFA can be bypassed by session-token theft. Protect all privileged Intune roles with FIDO2 security keys or passkeys to ensure access is hard to obtain and impossible to reuse.
> Enforce Least-Privilege via PIM: Eliminate standing administrative rights. Use Privileged Identity Management (PIM) to ensure admin access is time-bound and requires re-authentication or approval upon elevation.
Don’t wait for a crisis to secure your control plane. Shift to a protected-administration-by-design model now.
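Because the wipes described above looked like legitimate admin actions, a useful complementary check is volume per account rather than legitimacy of each action. The sketch below is an added example, not code from this page or from Microsoft: it flags any account that issues destructive device actions against many distinct devices inside a short window. The field names (`activityDateTime`, `activityType`, `actor`, `resources`), the action-name prefixes, the threshold and the sample events are all assumptions constructed for illustration; map them to your own Intune audit export.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed action-name prefixes for destructive remote actions; match them to your export.
DESTRUCTIVE = ("wipe", "retire", "delete")

def _ev(ts, upn, action, device):
    """Build one constructed audit event (field names are assumptions, see lead-in)."""
    return {"activityDateTime": ts, "actor": {"userPrincipalName": upn},
            "activityType": action, "resources": [{"displayName": device}]}

# Constructed sample, not real logs: one routine wipe, one burst, one harmless sync.
SAMPLE_EVENTS = (
    [_ev("2024-01-01T09:00:00Z", "helpdesk@example.test", "wipe ManagedDevice", "LAPTOP-OLD-1")]
    + [_ev(f"2024-01-01T02:00:{i:02d}Z", "admin@example.test", "wipe ManagedDevice", f"DEV-{i:03d}")
       for i in range(25)]
    + [_ev("2024-01-01T02:01:00Z", "admin@example.test", "syncDevice ManagedDevice", "DEV-000")]
)

def _ts(event):
    # fromisoformat() rejects a trailing "Z" before Python 3.11, so normalise it.
    return datetime.fromisoformat(event["activityDateTime"].replace("Z", "+00:00"))

def find_bulk_destructive_actions(events, window=timedelta(minutes=10), threshold=20):
    """Return {actor: {...}} for accounts that hit >= threshold distinct devices
    with destructive actions inside one sliding time window."""
    recent = defaultdict(deque)  # actor -> (time, device) pairs still inside the window
    alerts = {}
    for ev in sorted(events, key=_ts):
        if not ev["activityType"].lower().startswith(DESTRUCTIVE):
            continue
        actor, now = ev["actor"]["userPrincipalName"], _ts(ev)
        queue = recent[actor]
        queue.extend((now, res["displayName"]) for res in ev["resources"])
        while queue and now - queue[0][0] > window:  # drop events older than the window
            queue.popleft()
        devices = {device for _, device in queue}
        if len(devices) >= threshold and actor not in alerts:
            alerts[actor] = {"window_start": queue[0][0].isoformat(), "devices": len(devices)}
    return alerts

if __name__ == "__main__":
    for actor, hit in find_bulk_destructive_actions(SAMPLE_EVENTS).items():
        print(f"ALERT {actor}: {hit['devices']} devices since {hit['window_start']}")
```

Counting distinct devices rather than raw events keeps retries against the same device from inflating the count, and the single routine helpdesk wipe in the sample stays below the threshold.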