Azure Hunting playbook Deprecated Hidden

Deprecated. Use 'Office 365 and Azure Hunting' instead. This playbook enables you to collect and investigate suspicious security events from Azure AD environment.

Microsoft Policy And Compliance (Deprecated) · 19 tasks · 0 inputs · 0 outputs

Commands used

o365-auditlog-search

Flowchart

yes yes Start Start Done Done Search for Azure AD service account created or modified Search for Azure AD servi... Search for Azure AD application sharing with additional tenants Search for Azure AD appli... Search for an added Azure AD custom unverified domain Search for an added Azure... Search for SSO being disabled for a domain Search for SSO being disa... Search for modified domain federation settings Search for modified domai... Search mail permissions that were added to a service principal Search mail permissions t... Is Microsoft Policy And Compliance enabled? Is Microsoft Policy And C... Manual Hunt Manual Hunt Automatic Hunt Automatic Hunt Search for Azure AD service account created or modified - o365-auditlog-search Search for Azure AD servi... o365-auditlog-search Search for Azure AD application sharing with additional tenants - o365-auditlog-search Search for Azure AD appli... o365-auditlog-search Search for Azure AD custom unverified domain was added - o365-auditlog-search Search for Azure AD custo... o365-auditlog-search Search for SSO being disabled for a domain - o365-auditlog-search Search for SSO being disa... o365-auditlog-search Search for domain federation settings modified - o365-auditlog-search Search for domain federat... o365-auditlog-search Search whether mail permissions were added to a service principal - o365-auditlog-search Search whether mail permi... o365-auditlog-search Set added mail permissions to a service principal - Set Set added mail permission... Set Found mail permissions were added to a service principal? Found mail permissions we...