Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This query identifies A365 AI agents whose owners are either disabled or removed from the organization, and are not blocked. Orphaned agents without an active owner pose governance and security risks because no one is accountable for their configuration, updates, or potential misuse. If these agents remain active, they could retain sensitive connections or perform actions without proper oversight, increasing the risk of unauthorized access or persistence in the environment. Recommended Action:
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 6e7f8a9b-0c1d-2e3f-4a5b-6c7d8e9f0a1b |
| Tactics | Persistence, DefenseEvasion |
| Techniques | T1078, T1562 |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/AI%20Agents/A365%20Connector/OrphanedAIAgents.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊