Privileged directory role assigned outside PIM workflow

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

Identifies permanent directory role assignments to privileged roles made outside the Privileged Identity Management activation workflow. Direct assignments bypass PIM approval and justification requirements.

Attribute	Value
Type	Hunting Query
Solution	Standalone Content
ID	2df6ff4f-f90f-4158-ac4a-98c1b23d9e18
Tactics	Persistence, PrivilegeEscalation
Techniques	T1098.003
Required Connectors	AzureActiveDirectory
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/AuditLogs/DirectoryRoleAssignedOutsidePIM.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries