F&O - Non-interactive account mapped to self or sensitive privileged user

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Identifies changes to Microsoft Entra client apps registered for Finance & Operations, specifically when a new client is mapped to a predefined list of sensitive privileged user accounts, or when a user associates a client app with their own account.

Attribute	Value
Type	Analytic Rule
Solution	Microsoft Business Applications
ID	5b7cc7f9-fe54-4138-9fb0-d650807345d3
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	CredentialAccess, Persistence, PrivilegeEscalation
Techniques	T1556, T1098, T1136, T1078, T0859
Required Connectors	Dynamics365Finance
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
FinanceOperationsActivity_CL	?	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Microsoft Business Applications