Tag
high
advisory
Azure AD User Added to Global or Device Admin Role
2 rules 3 TTPs
An attacker may attempt to add a user to a high-privilege Azure AD role, such as Global Administrator or Device Administrator, to establish persistence, gain initial access, escalate privileges, or operate stealthily within the compromised environment.
Azure Active Directory
azuread
role-assignment
privilege-escalation
persistence
high
advisory
Azure AD Privileged Role Assignment
2 rules 2 TTPs
Detects a user being added to a privileged role in Azure AD, which may indicate privilege escalation or persistence by an attacker.
Azure Active Directory
azure
privileged-access
role-assignment
high
advisory
Azure PIM - Role Assignment Outside of Privileged Identity Management
2 rules 4 TTPs
Privileged role assignments made outside of Azure Privileged Identity Management (PIM) can indicate attacker activity related to initial access, stealth, persistence, or privilege escalation within the Azure environment.
Azure Active Directory
azure
pim
role-assignment
attack.initial-access
attack.stealth
attack.t1078
attack.persistence
attack.privilege-escalation