Check the techinque in: https://dirkjanm.io/azure-ad-privilege-escalation-application-admin/, https://www.youtube.com/watch?v=JEIR5oGCwdg and https://www.youtube.com/watch?v=xei8lAPitX8

The blog post discusses a privilege escalation vulnerability in Azure AD, allowing Application Admins or compromised On-Premise Sync Accounts to escalate privileges by assigning credentials to applications. The vulnerability, stemming from the "by-design" behavior of Azure AD's handling of applications and service principals, notably affects default Office 365 applications. Although reported, the issue is not considered a vulnerability by Microsoft due to documentation of the admin rights assignment behavior. The post provides detailed technical insights and advises regular reviews of service principal credentials in Azure AD environments. For more detailed information, you can visit the original blog post.