Skip to content

AZT303 - Managed Device Scripting#

Adversaries may abuse access to any managed devices in AzureAD by executing PowerShell or Python scripts on them.

Resource

Azure Active Directory Intune

Actions

  • microsoft.directory/devices/basic/update

Detections

Logs#

Data Source Operation Name Action Log Provider
Intune IntuneAuditLogs
Intune IntuneAuditLogs
Intune IntuneAuditLogs