Skip to content

Azure App Registration Client Secret

Service Name: Microsoft Azure

Service Description: Microsoft Azure is a cloud computing platform that provides a wide range of services including computing, analytics, storage, and networking. Azure App Registration Client Secrets are used to authenticate applications to Azure Active Directory (Azure AD) when accessing Microsoft cloud services.

Service Address: https://portal.azure.com/

Validation Type: NHI Enriched

IP Allow list: IP restrictions can be configured at the application level through Conditional Access policies and App Service IP restrictions.

Secret Access Scope: Grants programmatic access to Azure resources and services based on the permissions assigned to the application registration in Azure AD.

Secret Revokement URL: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade

Secret Example: 8Q~fGJLPa4Yt6EhNO_cUyJaVIEwNAa-5X9Aqbdrj

Suspicious Activity Investigation Instructions:

  • Review Azure Activity logs for unusual API calls or resource access.
  • Check Azure AD sign-in logs for suspicious authentication attempts.
  • Monitor for unexpected changes to application permissions or configurations.
  • Review Azure Monitor for unusual resource usage patterns.
  • Check for unauthorized IP addresses accessing the application.

Mitigation Instructions:

  • Navigate to the Azure Portal and go to Azure Active Directory.
  • Select "App registrations" and find the affected application.
  • Go to "Certificates & secrets" section.
  • Locate the compromised client secret and click "Delete".
  • Generate a new client secret if needed.
  • Update the secret in all legitimate application configurations.
  • Review and potentially restrict the application's API permissions.
  • Consider implementing certificate-based authentication instead of client secrets for improved security.
  • Enable Conditional Access policies to restrict access based on location, device compliance, and risk.