Introducing Specops Service Desk for Cloud (Entra ID)
The service desk has become a prime target for sophisticated social-engineering campaigns. It’s never been more important to arm frontline support teams with the tools they need to turn every caller from a potential liability into a confirmed identity. So we’re pleased to announce that from today, we support native Entra ID for Specops Secure Service Desk. Specops is now able to support on-premises, hybrid, and Entra ID-only organizations in securing their service desk agents against the threat of social engineering.
Service desks are under increasing attack
The “Scattered Spider” group (also known as UNC3944) has repeatedly demonstrated that the service desk is a prime social engineering target. Their modus operandi is to call service desk agents and trick them into carrying out password resets while bypassing MFA. From there, threat actors have a foothold in your organization and can escalate their privileges, steal sensitive data, or use a Ransomware-as-a-Service provider such as DragonForce.
In the last few months alone, high-profile UK retailers such as Marks & Spencer and the Co-op were targeted as attackers exploited weak password-reset procedures at their IT help desks. In the case of M&S, this led to crippling outages after hackers successfully used social-engineering to trick agents into issuing unauthorized resets and access grants. This led to an estimated $402 million profit hit for M&S.
The UK’s National Cyber Security Centre has specifically urged organizations to review and harden their help-desk password-reset workflows to thwart Scattered Spider–style manipulations before they can escalate into full-blown ransomware or extortion events.
Service desk social engineering isn’t limited to the UK though. These attacks echo the serious breach of MGM Resorts in late 2023, where hackers also used a phone call to the service desk to facilitate their initial entry point. It’s a question every organization needs to ask – can our service desk verify that a user is really who they say they are before handing over a new password?
Why should cloud-only organizations use Specops Secure Service Desk?
It’s important to note that verifying Entra ID-only users when they call the service desk is not currently offered as standard by Microsoft. The same is true for on-premises and hybrid customers. To securely verify a user when they contact the support team, you need to use a tool like Secure Service Desk that integrates with a multitude of ID services and other service desk systems such as ServiceNow and Jira.
Specops Secure Service Desk is now available for customers who are native Entra ID (or planning to move there soon on their cloud journey). Verifying the identity of callers to the service desk is just as critical for cloud-only customers as it is for on-prem organizations. Your service desk agents need reliable tools to verify the ID of callers, for the following reasons:
- Remote and hybrid working drives increased call volumes. If users are still calling the service desk with problems, service desk agents are at risk of social engineering.
- Digital transformation adoption outpaces user training. Fighting sophisticated social engineering is a big ask for service desk agents if they aren’t supported with the right tools.
- Threat actors know it’s easier to attack the service desk than crack strong passwords or bypass MFA – this attack route won’t disappear.
- User verification needs to be better than just recognizing a voice, thanks to the advances in technology used for AI vishing. Threat actors can now use AI tools to accurately mimic the voice of people within your organization.
- Deepfakes and social media reconnaissance can render traditional verification methods ineffective. Asking for a birthday or manager’s name won’t cut it with sophisticated threat actors like Scattered Spider.
What’s new with how Secure Service Desk works?
Specops Secure Service Desk still works the same way – the only difference is that Entra ID-only organizations can now enjoy the benefits. Customers can increase their service desk security with stronger authentication methods that minimize the risk of user impersonation. Identity verification options range from mobile or email verification codes to commercial authentication providers such as Duo Security, Okta, Symantec VIP, PingID and YubiKey.
These authentication options are paired with technical enforcement of the ID verification, blocking agents from proceeding with the caller’s request until authentication through the platform is completed. A typical Secure Service Desk workflow would look like this:
- User forgets their password and calls the service desk for a replacement.
- Before the service desk agents can reset the password, they need to verify the user with Secure Service Desk.
- The agent sends a push notification to the user’s authentication app (Specops ID, Duo, Okta Verify, etc.). A one-time code could also be sent, but authentication apps are the more secure option we would recommend.
- The user gets a push notification to their phone and authenticates by approving the verification request.
- The service desk agent now sees that the user is verified and can go ahead and reset the user’s password.
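
The enforcement step in the workflow above can be modelled as a gate that refuses the reset until an out-of-band approval exists. This is an added illustration, not Specops code; `ResetGate`, its methods and the `attempt` helper are hypothetical names, and the agent and user identifiers are constructed.

```python
import secrets
import time
from dataclasses import dataclass

class VerificationRequired(Exception):
    """Raised when a reset is attempted without a valid, approved challenge."""

@dataclass
class Challenge:
    agent: str
    user: str
    expires_at: float
    approved: bool = False
    used: bool = False

class ResetGate:
    # Hypothetical enforcement point: the only code path that can reset a password.
    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self.ttl, self.clock, self.challenges = ttl_seconds, clock, {}

    def start_verification(self, agent, user):
        # A real deployment would push this challenge to the user's enrolled app.
        cid = secrets.token_urlsafe(16)
        self.challenges[cid] = Challenge(agent, user, self.clock() + self.ttl)
        return cid

    def user_approves(self, cid):
        # Called by the authenticator callback, never by the agent console.
        ch = self.challenges.get(cid)
        if ch is None or self.clock() > ch.expires_at:
            return False
        ch.approved = True
        return True

    def reset_password(self, agent, user, cid):
        ch = self.challenges.get(cid)
        if ch is None or not ch.approved:
            raise VerificationRequired("caller not verified")
        if (ch.agent, ch.user) != (agent, user):
            raise VerificationRequired("challenge bound to another agent or user")
        if ch.used or self.clock() > ch.expires_at:
            raise VerificationRequired("challenge expired or already used")
        ch.used = True  # single use: one approval authorizes one reset
        return secrets.token_urlsafe(12)  # constructed temporary password

def attempt(gate, agent, user, cid):
    """Return 'reset' on success, otherwise the denial reason."""
    try:
        gate.reset_password(agent, user, cid)
        return "reset"
    except VerificationRequired as exc:
        return str(exc)
```

Binding each challenge to one agent and one user, expiring it, and consuming it on use means an approval obtained for one call cannot be replayed for a different account or a later request.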

The service desk should be a source of help for employees, and service desk agents should be empowered to work without the threat of social engineering hanging over them. Adding the right third-party tools can ensure your service desk isn’t the weakest link in your organization’s security posture. Interested to see how Secure Service Desk could fit in with your organization? Book your demo or trial today.
(Last updated on June 3, 2025)