Azure Azure Role-Based Access Control Capability Group

This control only provides protection for one of this technique's sub-techniques while not providing any protection for its procedure examples (due to being specific to Azure AD) nor its remaining sub-technqiues. Consequently its coverage score factor is Minimal, resulting in a Minimal score.

This control only provides protection for one of this technique's sub-techniques while not providing any protection for its procedure examples nor its remaining sub-technqiues and therefore its coverage score factor is Minimal, resulting in a Minimal score.

This control only provides protection for one of this technique's sub-techniques while not providing any protection for the remaining and therefore its coverage score factor is Minimal, resulting in a Minimal score.

This control can be used to implement the least-privilege principle for account management and thereby limit what an adversary can do with a valid account.

This control can be used to implement the least-privilege principle for account management and thereby limit the accounts that can be used for account discovery.

This control provides protection for some of this technique's sub-techniques and therefore its coverage score factor is Partial, resulting in a Partial score.

This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts.

This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts.

This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can modify accounts.

This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can create accounts.

This control can provide protection against life-cycle triggered deletion by restricting access to those functions.

This control can be used to limit the number of users that are authorized to grant consent to applications for accessing organizational data. This can reduce the likelihood that a user is fooled into granting consent to a malicious application that then utilizes the user's OAuth access token to access organizational data.

This control can be used to limit the number of users that have access to storage solutions except for the applications, users, and services that require access, thereby reducing the attack surface.

This control can be used to limit the number of users that have dashboard visibility thereby reducing the attack surface.

This control can protect against modification of the authentication process by limiting access.

This control provides partial protection for all of its sub-techniques and therefore its coverage score factor is Partial, resulting in a Partial score.

This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.

This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.

This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.

This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.

This control can be used to implement the least-privilege principle for account management and thereby limit the number of accounts that can perform these privileged operations.

This control can be used to limit the number of users that have privileges to discover cloud infrastructure thereby reducing an organization's cloud infrastructure attack surface.