Command & Control

Azure AD New Partner Added to Organization

Azure AD New Partner Added to Organization

Detection overview

Triggers

  • A new Partner entity is added to the environment with the ability to manage, configure, and support Azure services on the organization’s behalf.

Possible Root Causes

  • Partner is added to the organization maliciously, by exploiting an internal admin account.
  • Partner is added to the organization with legitimate intent and following a valid request by the management.

Business Impact

  • Adding a partner entity to the organization gives that partner the ability to fully manage the environment. These privileges can be abused for complete environment compromise.

Steps to Verify  

  • Determine if the request to add a partner to the organization was a legitimate action. If not, delete the partner entity and investigate further.
Azure AD New Partner Added to Organization

Possible root causes

Malicious Detection

Benign Detection

Azure AD New Partner Added to Organization

Example scenarios

Azure AD New Partner Added to Organization

Business impact

If this detection indicates a genuine threat, the organization faces significant risks:

Azure AD New Partner Added to Organization

Steps to investigate

Azure AD New Partner Added to Organization

MITRE ATT&CK techniques covered

Azure AD New Partner Added to Organization

Related detections

No items found.

FAQs