Rules Contributing to Microsoft Entra Privileged Account Assignment or Elevation Alert

The following rules are used to identify suspicious Microsoft Entra privileged account assignment or elevation. Any one or more of these will trigger the Microsoft Entra Privileged Account Assignment or Elevation Alert. Details for each rule can be viewed by clicking the More Details link in the description.

Title

Description

Azure Subscription Permission Elevation Via AuditLogs

Detects when a user has been elevated to manage all Azure Subscriptions. This change should be investigated immediately if it isn't planned. This setting could allow an attacker access to Azure subscriptions in your environment.