Attempt to bypass conditional access rule in Microsoft Entra ID

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

'Identifies an attempt to Bypass conditional access rule(s) in Microsoft Entra ID. The ConditionalAccessStatus column value details if there was an attempt to bypass Conditional Access or if the Conditional access rule was not satisfied (ConditionalAccessStatus == 1). References: https://docs.microsoft.com/azure/active-directory/conditional-access/overview https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-sign-ins https://docs.microsoft.com/azure/active-directory/repor

Attribute	Value
Type	Analytic Rule
Solution	Microsoft Entra ID
ID	3af9285d-bb98-4a35-ad29-5ea39ba0c628
Severity	Low
Status	Available
Kind	Scheduled
Tactics	InitialAccess, Persistence
Techniques	T1078, T1098
Required Connectors	AzureActiveDirectory, AzureActiveDirectory
Source	View on GitHub

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Microsoft Entra ID