It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda XDR

Simulating Microsoft Azure Threats

  • Last updated on

The use case for test is disabling Azure multi-factor authentication (MFA) for an Azure user.

Barracuda XDR Azure Security Monitoring is a managed, cloud-native security product that detects ransomware, credential dumping, connections to malicious IP addresses, and other breaches. The Azure product catches threats and malware by identifying known threat signatures and using AI/machine learning. This activity identifies when multi-factor authentication is disabled for an Azure user account. An adversary may disable MFA for a user account in order to weaken the authentication requirements for the account.

Test Workflow

Azure 1.png

How to Test

To do this test, you need a user that has MFA enabled.

  1. Sign into the Azure portal as an administrator.
  2. Search for and select Azure Active Directory, then select Users > All users.
  3. Scroll right and select Multi-Factor Authentication.
    Azure 2.png
    A new page opens, displaying users and their MFA status, as shown below.
    Azure 3.png
  4. Select the box next to the name of the user(s) whose MFA you want to disable.
  5. Click Disable.
    Azure 4.png
  6. In the pop-up window, confirm your selection.
    Azure 5.png

An Azure Multi-Factor Authentication Disabled for an Azure User alarm triggers to the Barracuda XDR SOC.