//Cyber.Engineer

Azure Active Directory: Threat Hunting - SPN Key Count

Azure service principals in your tenant should be reviewed periodically, just as app registration secrets and passwords should be (see the post https://www.cyber.engineer/azure-active-directory-threat-hunting-app-registration-key-count), as the two work hand-in-hand. What is a service principal? To access resources that are secured by an Azure AD tenant, the entity that

Azure Active Directory: Threat Hunting - App Reg Key Count

As part of your organisation's proactive threat hunting, app registrations with secrets and passwords configured should be reviewed to look for any suspicious entries. The following PowerShell script, which I like to run in Cloud Shell, will give you an overview within your tenant. Service principals work hand-in-hand with app registrations,

Azure Defender: Unusual unauthenticated access to your storage account

Investigating the Azure Defender alert "Unusual unauthenticated access to your storage account". What is the $web container?

O365: Enable mailbox auditing for all mailboxes

Mailbox auditing allows you to discover illicit activities performed in an Exchange Online mailbox, whether by an attacker because of a compromised account or by a malicious insider who has delegate access.

O365: Disable legacy authentication

Using legacy authentication may, in some circumstances, increase the risk of account compromise due to how the password is transmitted and stored.

//Cyber.Engineer © 2026