Tag
medium
advisory
Unauthorized Modification of Azure Conditional Access Policy
2 rules 2 TTPsAn unauthorized actor modifies an Azure Conditional Access policy, potentially leading to privilege escalation, credential access, persistence, or defense impairment.
Azure Active Directory
azure
conditional-access
policy-modification
attack.privilege-escalation
attack.credential-access
attack.persistence
attack.defense-impairment
attack.t1548
+1
2r
2t
medium
advisory
Unauthorized Removal of Azure Conditional Access Policy
2 rules 3 TTPsAn unauthorized actor removes a Conditional Access policy in Azure, potentially weakening the organization's security posture and enabling privilege escalation or credential access.
Azure Active Directory
azure
conditional-access
privilege-escalation
credential-access
persistence
defense-impairment
2r
3t
medium
advisory
User Removed from Group with Conditional Access Policy Modification Access
2 rules 3 TTPsAn attacker removes a user from a privileged Azure Active Directory group with permissions to modify Conditional Access policies, potentially leading to privilege escalation, persistence, or defense evasion.
Azure Active Directory
azure
conditional-access
privilege-escalation
2r
3t
medium
advisory
Unauthorized Conditional Access Policy Creation in Azure AD
2 rules 1 TTPAn unauthorized actor created a new Conditional Access policy in Azure AD, potentially leading to privilege escalation and unauthorized access.
Azure Active Directory
azure
conditional-access
privilege-escalation
attack.privilege-escalation
attack.t1548
2r
1t