Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
'This will alert when a user or application signs in using Microsoft Entra ID PowerShell to access non-Active Directory resources, such as the Azure Key Vault, which may be undesired or unauthorized behavior. For capabilities and expected behavior of the Microsoft Entra ID PowerShell module, see: https://docs.microsoft.com/powershell/module/azuread/?view=azureadps-2.0. For further information on Microsoft Entra ID Signin activity reports, see: https://docs.microsoft.com/azure/active-directory/re
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Microsoft Entra ID |
| ID | 50574fac-f8d1-4395-81c7-78a463ff0c52 |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | InitialAccess |
| Techniques | T1078 |
| Required Connectors | AzureActiveDirectory, AzureActiveDirectory |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊