[Entra ID] Application Granted Administrative Permission to Assign Microsoft Entra ID Roles



Detects when an application receives permission to assign Microsoft Entra ID roles. This can enable directory privilege escalation and should be reviewed immediately.

Attribute            Value
Type                 Analytic Rule
Solution             eDCRule
ID                   ef34b272-930c-41c8-a682-8c2093cd2024
Severity             High
Status               Available
Kind                 Scheduled
Tactics              Persistence, Impact, PrivilegeEscalation
Techniques           T1098.003
Required Connectors  AzureActiveDirectory
Source               View on GitHub

Tables Used

This content item queries data from the following tables:

Table      Selection Criteria                                                                                              Transformations  Ingestion API  Lake-Only
AuditLogs  LoggedByService == "Core Directory"; OperationName in ("Add app role assignment to service principal", "Add delegated permission grant")  (none)           (none)         (none)
