LoFP / known updates by administrators.

Techniques

Sample rules

User Risk and MFA Registration Policy Updated

Description

Detects changes and updates to the user risk and MFA registration policy. Attackers can modify these policies to bypass MFA, weaken security thresholds, facilitate further attacks, and maintain persistence.

Detection logic

condition: selection
selection:
  Category: Policy
  LoggedByService: AAD Management UX
  OperationName: Update User Risk and MFA Registration Policy