Azure azure_ad_privileged_identity_management Mappings

Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune.

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|---|
| azure_ad_privileged_identity_management | Azure AD Privileged Identity Management | protect | minimal | T1078 | Valid Accounts |
| azure_ad_privileged_identity_management | Azure AD Privileged Identity Management | protect | partial | T1078.004 | Cloud Accounts |
| azure_ad_privileged_identity_management | Azure AD Privileged Identity Management | protect | partial | T1098 | Account Manipulation |
| azure_ad_privileged_identity_management | Azure AD Privileged Identity Management | detect | minimal | T1098 | Account Manipulation |
| azure_ad_privileged_identity_management | Azure AD Privileged Identity Management | protect | significant | T1098.003 | Add Office 365 Global Administrator Role |
| azure_ad_privileged_identity_management | Azure AD Privileged Identity Management | detect | significant | T1098.003 | Add Office 365 Global Administrator Role |
| azure_ad_privileged_identity_management | Azure AD Privileged Identity Management | protect | significant | T1098.001 | Additional Cloud Credentials |
| azure_ad_privileged_identity_management | Azure AD Privileged Identity Management | protect | minimal | T1136 | Create Account |
| azure_ad_privileged_identity_management | Azure AD Privileged Identity Management | protect | significant | T1136.003 | Cloud Account |