This query detects the use of the built-in "Dynamics 365 Example Application" to access production environments. This generic app cannot be restricted by Azure AD authorization controls and could be abused to gain unauthorized access via Web API.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Microsoft Business Applications |
| ID | 90bcbd4e-e8b5-4a5d-9fe6-d0f9f0220b4a |
| Tactics | Execution |
| Techniques | T1106, T0834 |
| Required Connectors | Dataverse, AzureActiveDirectory |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| DataverseActivity | | ✓ | ✗ | ✓ |
| SigninLogs | `ResourceIdentity == "00000007-0000-0000-c000-000000000000"`, `ResultType == "0"` | ✓ | ✗ | ✓ |