
AZT201.1 - User Account

By obtaining valid user credentials, an adversary may log in to Azure AD via the command line or through the Azure Portal.

Resource

Azure Active Directory

Actions

N/A

Examples

Detections

Logs

| Data Source | Application | Resource | Log Location |
| --- | --- | --- | --- |
| Azure Active Directory | Azure Portal | Windows Azure Service Management API | Sign-in Logs |
| Azure Active Directory | Microsoft Azure PowerShell | Windows Azure Service Management API | Sign-in Logs |

Queries

SigninLogs | where Status == "{\"errorCode\":0}" and ResourceDisplayName == "Windows Azure Service Management API"
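The condition in the query above, applied offline to exported sign-in records and grouped per user for triage, as an added example that is not part of the original page. It parses Status rather than comparing its serialized string, so rows whose Status carries extra keys still match; the sample rows are constructed, and the column names assume the SigninLogs schema.

```python
import json
from collections import defaultdict

RESOURCE = "Windows Azure Service Management API"

# Constructed rows shaped like exported SigninLogs records (not real data).
# Status appears both as a JSON string and as an object with extra keys.
SAMPLE = [
    {"UserPrincipalName": "alice@example.com", "IPAddress": "198.51.100.7",
     "AppDisplayName": "Azure Portal", "ResourceDisplayName": RESOURCE,
     "Status": '{"errorCode":0}'},
    {"UserPrincipalName": "alice@example.com", "IPAddress": "203.0.113.50",
     "AppDisplayName": "Microsoft Azure PowerShell", "ResourceDisplayName": RESOURCE,
     "Status": {"errorCode": 0, "additionalDetails": "constructed detail"}},
    {"UserPrincipalName": "bob@example.com", "IPAddress": "203.0.113.50",
     "AppDisplayName": "Microsoft Azure PowerShell", "ResourceDisplayName": RESOURCE,
     "Status": {"errorCode": 50126}},
    {"UserPrincipalName": "bob@example.com", "IPAddress": "198.51.100.9",
     "AppDisplayName": "Azure Portal", "ResourceDisplayName": "Microsoft Graph",
     "Status": {"errorCode": 0}},
]

def error_code(status):
    """Return Status.errorCode as an int, or None if Status is missing or malformed."""
    try:
        if isinstance(status, str):
            status = json.loads(status)
        return int(status["errorCode"])
    except (TypeError, KeyError, ValueError):
        return None

def management_signins(records):
    """Successful sign-ins to the management API (the page's query condition)."""
    return [r for r in records if error_code(r.get("Status")) == 0
            and r.get("ResourceDisplayName") == RESOURCE]

def summarize(records):
    """Per user: hit count, client applications and source IPs for triage."""
    out = defaultdict(lambda: {"count": 0, "apps": set(), "ips": set()})
    for r in management_signins(records):
        row = out[r.get("UserPrincipalName")]
        row["count"] += 1
        row["apps"].add(r.get("AppDisplayName"))
        row["ips"].add(r.get("IPAddress"))
    return dict(out)

if __name__ == "__main__":
    for user, row in summarize(SAMPLE).items():
        print(user, row["count"], sorted(row["apps"]), sorted(row["ips"]))
```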

Detection Screenshots