Skip to content

Azure App Registration Tenant ID

Service Name: Microsoft Azure

Service Description: Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.

Service Address: https://portal.azure.com/

Validation Type: NHI Enriched

IP Allow list: Does not exist

Secret Access Scope: Identifies the Azure Active Directory tenant where the application is registered. Used in authentication flows to direct requests to the correct tenant.

Secret Revokement URL: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps

Secret Example: 72f988bf-86f1-41af-91ab-2d7cd011db47

Suspicious Activity Investigation Instructions:

  • Review Azure Active Directory audit logs for unusual sign-ins or activities
  • Check for unauthorized application consent grants in the tenant
  • Examine Azure Activity logs for suspicious resource access or modifications
  • Verify no unauthorized applications have been registered using the tenant ID
  • Monitor for unusual geographic access patterns to the tenant

Mitigation Instructions:

  • If compromised, rotate all client secrets and certificates associated with applications in the tenant
  • Review and revoke suspicious OAuth application permissions
  • Enable Conditional Access policies to restrict access to sensitive resources
  • Implement multi-factor authentication for all administrative accounts
  • Consider creating a new tenant ID if the compromise is severe and migrate resources