- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Detect when a user adds FullAccess permissions.
Monitor Microsoft 365 audit logs to look for the operation Add-MailboxPermission
. FullAccess permission allows the assigned user to read the mailbox and manage emails in the user’s mailbox that the permission is assigned to. Full Access permission does not grant Send as or Send on behalf permissions. Attackers may configure this to allow them to impersonate a user and read messages from their mailbox, allowing the attacker to persist in the organization.
@Parameters.User
field to identify which user is getting access to the mailbox specified in @Parameters.Identity
.{{@usr.email}}
.{{@usr.email}}
is not aware of the action:@usr.email
, @Parameters.User
, and @Parameters.Identity
using the Cloud SIEM - User Investigation dashboard.