Skip to content

AZT405.1 - Azure AD Application: Application Role#

By compromising a user, user in a group, or service principal that has an application role over an application, they may be able to escalate their privileges by impersonating the associated service principal and leveraging any privileged assigned application role.

Resource

Azure Active Directory

Actions

N/A

Since the attacker controls the application, no actions are needed.

Detections

Logs#

Data Source Operation Name Action Log Location
N/A N/A N/A N/A