![]() ![]() Modified application and service principal credentials/authentication methods - This report flags actors who have recently changed many service principal credentials, and how many of each type of service principal credentials have been changed. This workbook is split into four sections: If you've previously integrated your Azure AD sign-in and audit logs with Azure Monitor, you can use the workbook to assess past information. Learn more about the prerequisites to Azure Monitor workbooks for Azure Active Directory. Only sign-in and audit events created after Azure Monitor integration will be stored, so the workbook won't contain insights prior to that date. This integration allows you to store, and query, and visualize your logs using workbooks for up to two years. If your organization is new to Azure monitor workbooks, you need to integrate your Azure AD sign-in and audit logs with Azure Monitor before accessing the workbook. This workbook identifies recent sensitive operations that have been performed in your tenant and which may service principal compromise. ![]() This article provides you with an overview of this workbook. The sensitive operations report workbook is intended to help identify suspicious application and service principal activity that may indicate compromises in your environment. As an IT administrator, you need to be able to identify compromises in your environment to ensure that you can keep it in a healthy state. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |