Microsoft Entra Workload ID - Threat detection with Microsoft Defender XDR and Sentinel
Attack techniques have shown that service principals are used for initial and persistent access to create a backdoor in Microsoft Entra ID. This has been used, for example, as part of the NOBELIUM attack path. Abuse of privileged workload identities for exfiltration and privilege esca...