Public

This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

Repository Settings

ahmadziahidary/AzureAD-Attack-Defense

Webhooks

Webhooks allow external services to be notified when certain events happen in your repository.

Payload URL

Secret Token

Used to validate webhook payloads for security.

Event Triggers

Push

Any Git push to the repository

Pull Request

Pull request opened, closed, or synchronized

Issues

Issue opened, edited, closed, etc.

Commit Comment

Commit or diff commented on

Code Scan

Code scanning alerts