Azure App Registration Client ID
Service Name: Microsoft Azure
Service Description: Microsoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through Microsoft-managed data centers.
Service Address: https://portal.azure.com/
Validation Type: NHI Enriched
IP Allow list: Does not exist
Secret Access Scope: Grants access to Azure resources and APIs based on the permissions assigned to the application registration.
Secret Revokement URL: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
Secret Example: 8a4d5c2f-1b3e-4a6d-9c8b-7f0e5a2d3b1a
Suspicious Activity Investigation Instructions:
- Review Azure Active Directory sign-in logs for unusual authentication patterns
- Check application permissions and consent grants in Azure AD
- Review Azure Activity logs for any unauthorized resource access
- Monitor for unusual API calls or data access patterns
- Check for unexpected application permission changes
Mitigation Instructions:
- Navigate to Azure Portal > Azure Active Directory > App Registrations
- Locate the compromised application registration
- Consider deleting the application if it was created maliciously
- For legitimate apps, rotate client secrets and certificates
- Review and restrict application permissions to only what is necessary
- Enable Conditional Access policies for the application
- Implement IP restrictions if possible through Azure AD Conditional Access