Vendor: Microsoft
April 15, 2026 · View on GitHub
Product: Microsoft Intune
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 55 | 26 | 6 | 2 | 4 |
| Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Abnormal Authentication & Access | app-activity ↳microsoft-azuremon-json-app-activity-success-devices ↳microsoft-azuremon-json-app-activity-success-compliance ↳microsoft-azuremon-json-app-activity-success-devicecompliance ↳microsoft-intune-json-app-activity-auditlogs ↳microsoft-intune-json-app-activity-devices | T1078 - Valid Accounts T1133 - External Remote Services |
|
| Account Manipulation | app-activity ↳microsoft-azuremon-json-app-activity-success-devices ↳microsoft-azuremon-json-app-activity-success-compliance ↳microsoft-azuremon-json-app-activity-success-devicecompliance ↳microsoft-intune-json-app-activity-auditlogs ↳microsoft-intune-json-app-activity-devices | T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions |
|
| Next Page -->> |
MITRE ATT&CK® Framework for Enterprise
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| External Remote Services Valid Accounts | External Remote Services Valid Accounts Account Manipulation Account Manipulation: Exchange Email Delegate Permissions | Valid Accounts | Valid Accounts | Email Collection Email Collection: Email Forwarding Rule |