
Rule Info
Name
Azure Login Bypassing Conditional Access Policies
Author
Josh Nickels, Marius Rothenbücher
Description
Detects a successful login to the Microsoft Intune Company Portal which could allow bypassing Conditional Access Policies and InTune device trust using a tool like TokenSmith.
Date
2025-01-08 00:00:00
Modified
None
Id
13f2d3f5-6497-44a7-bf5f-dc13ffafe5dc
Tags
attack.defense-evasion attack.t1078
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
Josh
Merge PR #5157 from @joshnck - Add `Azure Login Bypassing Conditional Access Policies`
2025-01-19