Skip to content
TheCloud.Events

Add Owner To Application

CSP: Azure
Tactics:
Privilege Escalation Persistence
Techniques:
T1098
Tags:
Azure Microsoft Entra ID

Event

Adds an owner to an Entra ID application registration, granting them management rights over the application.

Security Context

  • Account manipulation is a primary persistence technique, allowing adversaries to maintain access through modified permissions or credentials.

Log Source

Entra ID Audit Logs

Sample Event

MITRE ATT&CK Mapping

Tactics: Privilege Escalation Persistence

Techniques:
  • T1098 — Account Manipulation — Adversaries may manipulate accounts to maintain and/or elevate access to victim systems. Account manipulation may consist of any action that preserves or modifies adversary access to a compromised account, such as modifying credentials or permission groups.