Account MFA Modifications

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

'Identifies modifications to user's MFA settings. An attacker could use access to modify MFA settings to bypass MFA requirements or maintain persistence.

Attribute	Value
Type	Hunting Query
Solution	GitHub Only
ID	a3a09840-1022-4267-b9e1-d6c9799ed38a
Tactics	DefenseEvasion, Persistence
Techniques	T1556.006
Required Connectors	AzureActiveDirectory
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/AuditLogs/AccountMFAModifications.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries