Azure App Registration Tenant ID
Service Name: Microsoft Azure
Service Description: Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.
Service Address: https://portal.azure.com/
Validation Type: NHI Enriched
IP Allow list: Does not exist
Secret Access Scope: Identifies the Azure Active Directory tenant where the application is registered. Used in authentication flows to direct requests to the correct tenant.
Secret Revokement URL: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
Secret Example: 72f988bf-86f1-41af-91ab-2d7cd011db47
Suspicious Activity Investigation Instructions:
- Review Azure Active Directory audit logs for unusual sign-ins or activities
- Check for unauthorized application consent grants in the tenant
- Examine Azure Activity logs for suspicious resource access or modifications
- Verify no unauthorized applications have been registered using the tenant ID
- Monitor for unusual geographic access patterns to the tenant
Mitigation Instructions:
- If compromised, rotate all client secrets and certificates associated with applications in the tenant
- Review and revoke suspicious OAuth application permissions
- Enable Conditional Access policies to restrict access to sensitive resources
- Implement multi-factor authentication for all administrative accounts
- Consider creating a new tenant ID if the compromise is severe and migrate resources