Tag

Entra_id

3 briefs RSS

Entra ID Excessive Account Lockouts Detected

A high volume of failed Microsoft Entra ID sign-in attempts resulting in account lockouts indicates potential brute-force attacks, such as password spraying or credential stuffing, targeting user accounts.

Entra ID azure entra_id credential_access brute_force

2r 3t 1w ago

medium advisory

Entra ID ADRS Token Request by Microsoft Authentication Broker

2 rules 2 TTPs 1 IOC

Detects suspicious OAuth 2.0 token requests where the Microsoft Authentication Broker requests access to the Device Registration Service on behalf of a user principal, potentially indicating an attempt to abuse device registration for unauthorized persistence.

azure entra_id persistence oauth

2r 2t 1i 3w ago

high advisory

Entra ID Federated Identity Credential Issuer Modified

2 rules 2 TTPs

Modification of the issuer URL of a federated identity credential in Entra ID can allow an attacker to authenticate as the application's service principal, granting persistent access to Azure resources by pointing to an attacker-controlled identity provider and bypassing normal authentication.

azure entra_id federated_identity persistence privilege_escalation

2r 2t Mar 18, 2026