Azure AD backdooring to get stealthy persistent access to all mailboxes
msrc-blog.microsoft.com/2020…
As explained last year by @_dirkjan dirkjanm.io/azure-ad-privile…
9:57 AM · Dec 14, 2020
3
42
137
Microsoft @ItsReallyNick shared an Azure Sentinel query to detect "New access credential added to OAuth Application or Service Principal" 👍
github.com/Azure/Azure-Senti…
0
3
15



