Skip to content

AZT202 - Password Spraying#

An adversary may potentially gain access to AzureAD by guessing a common password for multiple users.

Resource

Azure Active Directory

Actions

N/A

Examples

Detections

Logs#

Data Source Application Resource Log Location
Azure Active Directory Azure Portal Windows Azure Service Management API Sign-in Logs
Azure Active Directory Microsoft Azure PowerShell Windows Azure Service Management API Sign-in Logs

Detection Screenshots#

Detection Notes#

The main difference between a successful and unsuccessful login is the 'Status' field, which will designate a "Success" or "Failure".