Skip to content

Azure App Registration Client ID

Service Name: Microsoft Azure

Service Description: Microsoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through Microsoft-managed data centers.

Service Address: https://portal.azure.com/

Validation Type: NHI Enriched

IP Allow list: Does not exist

Secret Access Scope: Grants access to Azure resources and APIs based on the permissions assigned to the application registration.

Secret Revokement URL: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade

Secret Example: 8a4d5c2f-1b3e-4a6d-9c8b-7f0e5a2d3b1a

Suspicious Activity Investigation Instructions:

  • Review Azure Active Directory sign-in logs for unusual authentication patterns
  • Check application permissions and consent grants in Azure AD
  • Review Azure Activity logs for any unauthorized resource access
  • Monitor for unusual API calls or data access patterns
  • Check for unexpected application permission changes

Mitigation Instructions:

  • Navigate to Azure Portal > Azure Active Directory > App Registrations
  • Locate the compromised application registration
  • Consider deleting the application if it was created maliciously
  • For legitimate apps, rotate client secrets and certificates
  • Review and restrict application permissions to only what is necessary
  • Enable Conditional Access policies for the application
  • Implement IP restrictions if possible through Azure AD Conditional Access