t1098.003

Title
administrator roles could be assigned to users or groups by other admin users.
administrators may legitimately assign the application administrator role to a user. filter as needed.
administrators may legitimately assign the global administrator role to a user. filter as needed.
administrators may legitimately assign the privileged roles to service principals as part of administrative tasks. filter as needed.
administrators will legitimately assign the privileged roles to users as part of administrative tasks. filter as needed.
as part of legitimate administrative behavior, users may activate pim roles. filter as needed
as part of legitimate administrative behavior, users may be assigned pim roles. filter as needed
legitimate administrative activities changing the access levels for an application
legitimate applications may be granted tenant wide consent, filter as needed.
pim (privileged identity management) generates this event each time 'eligible role' is enabled.
privilege roles may be assigned for legitimate purposes, filter as needed.
service principals are sometimes configured to legitimately bypass the consent process for purposes of automation. filter as needed.
the full_access_as_app api permission may be assigned to legitimate applications. filter as needed.
there are legitimate scenarios in which an application registration requires mailbox read access. filter as needed.
valid change
validate whether the actor is permitted to access the repo.
validate the multifactor authentication changes.
when the permission is legitimately needed for the app