Tag
high
advisory
Azure AD Service Principal Authentication Monitoring
2 rules 1 TTPThis analytic identifies authentication events of service principals in Azure Active Directory, monitoring sign-in frequency, timing, source IPs, and accessed resources to detect potential anomalies indicative of compromised credentials or malicious activities.
Azure Active Directory
azure
azuread
serviceprincipal
accounttakeover
2r
1t
high
advisory
Azure AD Device Code Phishing Attack Detection
2 rules 2 TTPsThis brief details the detection of Azure AD Device Code Phishing attacks, where attackers bypass MFA and Conditional Access Policies (CAPs) to gain unauthorized access to Azure AD resources by abusing the device code authentication protocol.
Azure Active Directory +2
azuread
devicecode
phishing
accounttakeover
credentialaccess
2r
2t