Azure Login Bypassing Conditional Access Policies (13f2d3f5-6497-44a7-bf5f-dc13ffafe5dc)
Detects a successful login to the Microsoft Intune Company Portal which could allow bypassing Conditional Access Policies and InTune device trust using a tool like TokenSmith.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | Azure Login Bypassing Conditional Access Policies (13f2d3f5-6497-44a7-bf5f-dc13ffafe5dc) | Sigma-Rules | 1 |