AZT405.1 - Azure AD Application: Application Role
An attacker who compromises a user, a user in a group, or a service principal that holds an application role over an application may be able to escalate privileges by impersonating the associated service principal and leveraging any privileged application role assigned to it.
Azure Active Directory
Since the attacker controls the application, no actions are needed.
| Data Source | Operation Name | Action | Log Provider |
|---|---|---|---|
| Azure Active Directory | N/A | N/A | AADServicePrincipalSignInLogs |
Azure Monitor Alert
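One way to query the log provider listed above for an alert rule, as an added example that is not part of the original page or the project's own query. It flags successful service principal sign-ins from an IP address not seen for that principal in a baseline window; the new-IP heuristic and the 14-day and 1-day windows are assumptions to tune per tenant.

```kql
// Added example: service principal sign-ins from a source IP that is new
// for that principal. Window sizes below are assumptions, not page values.
let baseline = 14d;   // how far back "known" source IPs are learned
let recent   = 1d;    // detection window evaluated by the alert rule
// Source IPs each service principal signed in from during the baseline.
let known =
    AADServicePrincipalSignInLogs
    | where TimeGenerated between (ago(baseline + recent) .. ago(recent))
    | where tostring(ResultType) == "0"          // successful sign-ins only
    | distinct ServicePrincipalId, IPAddress;
AADServicePrincipalSignInLogs
| where TimeGenerated > ago(recent)
| where tostring(ResultType) == "0"
// Keep only (principal, IP) pairs absent from the baseline. A principal
// with no baseline at all (newly created) is also returned; triage those
// separately rather than suppressing them.
| join kind=leftanti known on ServicePrincipalId, IPAddress
| summarize
    FirstSeen        = min(TimeGenerated),
    LastSeen         = max(TimeGenerated),
    SignIns          = count(),
    Resources        = make_set(ResourceDisplayName, 20),
    CredentialKeyIds = make_set(ServicePrincipalCredentialKeyId, 10)
    by ServicePrincipalId, ServicePrincipalName, AppId, IPAddress, Location
| order by FirstSeen desc
```

The `Resources` and `CredentialKeyIds` columns show which resources the principal requested tokens for and which credential was used, which helps separate a rotated credential or a moved workload from unexpected use of the application's identity.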