AZT104 - Gather User Information

An adversary may obtain information about a User within Azure Active Directory. Details may include email addresses, first/last names, job information, addresses, and assigned roles. By default, all users are able to read other user's roles and group memberships within AAD.

Resource

Azure Active Directory

Actions

• microsoft.directory/*/*/read

Examples

Az PowerShellAzure CLIMicrosoft Graph REST APIAzure Portal

Get-AzADUser

az ad user show

GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}

Detections

N/A

Additional Resources

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions