Tag
high
advisory
Entra ID Domain Federation Configuration Change
3 rules 4 TTPsAdversaries with Global Administrator or Domain Administrator privileges may add a custom domain, verify ownership, and configure it to federate authentication with an attacker-controlled identity provider, allowing token forgery and bypassing MFA and conditional access policies for persistent, stealthy access to victim tenants.
Entra ID
azure
entra-id
domain-federation
privilege-escalation
3r
4t
low
advisory
Entra ID Custom Domain Added or Verified
2 rules 1 TTPDetection of custom domain additions or verifications in Entra ID, a precursor to potentially malicious domain federation for Golden SAML attacks.
Microsoft Entra ID
azure
entra-id
domain-federation
golden-saml
2r
1t