Rules Contributing to Microsoft Entra Changes to Device Registration Policy Alert
The following rules are used to identify suspicious Microsoft Entra changes to device registration policy. Any one or more of these will trigger the Microsoft Entra Changes to Device Registration Policy Alert. Details for each rule can be viewed by clicking the More Details link in the description.
Title |
Description |
||||||||
---|---|---|---|---|---|---|---|---|---|
Changes to Device Registration Policy |
Monitor and alert for changes to the device registration policy. More details
Rule IDQuery{'selection': {'Category': 'Policy', 'ActivityDisplayName': 'Set device registration policies'}, 'condition': 'selection'} Log SourceStellar Cyber Microsoft Entra Events configured. Rule SourceSigmaHQ,9494bff8-959f-4440-bbce-fb87a208d517 Author: Michael Epping, '@mepples21' Tactics, Techniques, and ProceduresReferencesSeverity75 Suppression Logic Based On
Additional Information
|