Skip to content

AZT502.3 - Account Creation: Guest Account Creation#

An adversary may create a guest account in Azure Active Directory

Resource

Azure Active Directory

Actions

  • microsoft.directory/users/create
  • microsoft.directory/users/inviteGuest

Examples

newuser

Detections

Logs#

Data Source Operation Name Action Log Provider
Azure Active Directory Invited Users microsoft.directory/users/inviteGuest AuditLogs

Queries#

Platform Query
Log Analytics AuditLogs | where ActivityDisplayName == 'Invited Users'

Azure Monitor Alert#

Deploy to Azure

Additional Resources

https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal