
Summary
This detection rule monitors for cases where user consent in an Azure environment is blocked because the application requesting it has been identified as risky. When an application requests user consent for access but is flagged as risky, the event is logged, which helps manage and mitigate potential credential theft or misuse of sensitive data. The rule examines audit logs for a failure status indicating that user consent was blocked for a risky application. By identifying these events, security teams can proactively address issues with user consent and application access management, supporting compliance with security policies and protecting against unauthorized access attempts.
Categories
- Cloud
- Azure
Data Sources
- User Account
- Application Log
- Cloud Service
Created: 2022-07-10
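The check described in the summary, as an added example that is not part of the rule itself: it filters audit events for a failed consent whose status reason marks a risky-app block, then groups the affected users per application for triage. The field names follow the Microsoft Graph directoryAudit schema and the status reason string is the one Microsoft Entra ID records for this block; neither appears on this page, so both are assumptions here, and the sample events are constructed.

```python
from collections import defaultdict

# Status reason recorded when a user consent request is blocked as risky
# (assumed value, not shown on this page); compared case-insensitively.
BLOCKED_REASON = "microsoft.online.security.userconsentblockedforriskyappsexception"

# Constructed sample events using Microsoft Graph directoryAudit field names.
SAMPLE_EVENTS = [
    {"activityDisplayName": "Consent to application", "result": "failure",
     "resultReason": "Microsoft.online.Security.userConsentBlockedForRiskyAppsException",
     "initiatedBy": {"user": {"userPrincipalName": "alice@example.com"}},
     "targetResources": [{"displayName": "Constructed Mail Sync"}]},
    {"activityDisplayName": "Consent to application", "result": "failure",
     "resultReason": "Microsoft.Online.Security.UserConsentBlockedForRiskyAppsException",
     "initiatedBy": {"user": {"userPrincipalName": "bob@example.com"}},
     "targetResources": [{"displayName": "Constructed Mail Sync"}]},
    {"activityDisplayName": "Consent to application", "result": "success",
     "resultReason": "",
     "initiatedBy": {"user": {"userPrincipalName": "carol@example.com"}},
     "targetResources": [{"displayName": "Constructed Mail Sync"}]},
    {"activityDisplayName": "Consent to application", "result": "failure",
     "resultReason": "ConstructedOtherFailureReason",
     "initiatedBy": {"user": {"userPrincipalName": "dave@example.com"}},
     "targetResources": [{"displayName": "Constructed Calendar App"}]},
]


def find_blocked_consents(events):
    """Return {application name: sorted users whose consent was blocked as risky}."""
    hits = defaultdict(set)
    for ev in events:
        # Only failed operations can be a blocked consent.
        if str(ev.get("result", "")).lower() != "failure":
            continue
        # Other failure reasons (permissions, policy, errors) are out of scope.
        if BLOCKED_REASON not in str(ev.get("resultReason", "")).lower():
            continue
        # initiatedBy.user can be absent or null; keep the hit and mark it unknown.
        initiator = (ev.get("initiatedBy") or {}).get("user") or {}
        user = initiator.get("userPrincipalName") or "unknown"
        for target in ev.get("targetResources") or [{}]:
            hits[target.get("displayName") or "unknown"].add(user)
    return {app: sorted(users) for app, users in hits.items()}


if __name__ == "__main__":
    for app, users in find_blocked_consents(SAMPLE_EVENTS).items():
        print(f"{app}: blocked consent from {', '.join(users)}")
```

Several users blocked on the same application in a short window is the pattern worth escalating, since it suggests a consent phishing campaign rather than a single stray request.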