AZT405.2 - Azure AD Application: Application API Permissions#
By compromising a service principal whose application has privileged API permissions, an attacker can escalate their privileges to a higher privileged role.
Azure Active Directory
Since the attacker controls the application, no actions are needed.
|Data Source||Operation Name||Action||Log Provider|
|Azure Active Directory||N/A||N/A||AADServicePrincipalSignInLogs|