{"CreationTime": "2023-09-01T17:16:20", "Id": "27cb06de-9a8d-40c8-a788-ee42184cb2a3", "Operation": "Update service principal.", "OrganizationId": "58aee3b9-7433-46a0-b54e-2429487992a0", "RecordType": 8, "ResultStatus": "Success", "UserKey": "1003BFFD98415B4E@contoso.onmicrosoft.com", "UserType": 0, "Version": 1, "Workload": "AzureActiveDirectory", "ObjectId": "95106c0e-3519-450e-8e38-7f326d873454", "UserId": "attacker@contoso.onmicrosoft.com", "AzureActiveDirectoryEventType": 1, "ExtendedProperties": [{"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36\",\"AppId\":\"95106c0e-3519-450e-8e38-7f326d873454\"}"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}], "ModifiedProperties": [{"Name": "Included Updated Properties", "NewValue": "", "OldValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "NewValue": "95106c0e-3519-450e-8e38-7f326d873454", "OldValue": ""}], "Actor": [{"ID": "attacker@contoso.onmicrosoft.com", "Type": 5}, {"ID": "1003BFFD98415B4E", "Type": 3}, {"ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "Type": 2}, {"ID": "User_e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "User", "Type": 2}], "ActorContextId": "58aee3b9-7433-46a0-b54e-2429487992a0", "InterSystemsId": "6a0bc9d4-eb2d-4eb0-a524-601dac6914a6", "IntraSystemId": "a2d4d7c4-727c-401b-9e6c-70413a080855", "SupportTicketId": "", "Target": [{"ID": "ServicePrincipal_21ad62af-992e-4a9f-b6c1-67aa6c8a6eb4", "Type": 2}, {"ID": "21ad62af-992e-4a9f-b6c1-67aa6c8a6eb4", "Type": 2}, {"ID": "ServicePrincipal", "Type": 2}, {"ID": "TestApp2", "Type": 1}, {"ID": "95106c0e-3519-450e-8e38-7f326d873454", "Type": 2}, {"ID": "95106c0e-3519-450e-8e38-7f326d873454", "Type": 4}], "TargetContextId": "58aee3b9-7433-46a0-b54e-2429487992a0"} {"CreationTime": "2023-09-01T17:16:20", "Id": "c428c85c-4fa0-4e97-9033-6a76d9dee45d", "Operation": "Update application.", "OrganizationId": "58aee3b9-7433-46a0-b54e-2429487992a0", "RecordType": 8, "ResultStatus": "Success", "UserKey": "1003BFFD98415B4E@contoso.onmicrosoft.com", "UserType": 0, "Version": 1, "Workload": "AzureActiveDirectory", "ObjectId": "Application_a2d68f8b-ab9f-47ac-934f-b966c3ac134f", "UserId": "attacker@contoso.onmicrosoft.com", "AzureActiveDirectoryEventType": 1, "ExtendedProperties": [{"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36\",\"AppId\":\"95106c0e-3519-450e-8e38-7f326d873454\"}"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}], "ModifiedProperties": [{"Name": "RequiredResourceAccess", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n },\r\n {\r\n \"EntitlementId\": \"810c84a8-4a9e-49e6-bf7d-12d183f40d01\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n },\r\n {\r\n \"EntitlementId\": \"b633e1c5-b582-4048-a93e-9f11b44c7e96\",\r\n \"DirectAccessGrant\": true,\r\n \"ImpersonationAccessGrants\": []\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]"}, {"Name": "Included Updated Properties", "NewValue": "RequiredResourceAccess", "OldValue": ""}], "Actor": [{"ID": "attacker@contoso.onmicrosoft.com", "Type": 5}, {"ID": "1003BFFD98415B4E", "Type": 3}, {"ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "Type": 2}, {"ID": "User_e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "User", "Type": 2}], "ActorContextId": "58aee3b9-7433-46a0-b54e-2429487992a0", "InterSystemsId": "6a0bc9d4-eb2d-4eb0-a524-601dac6914a6", "IntraSystemId": "a2d4d7c4-727c-401b-9e6c-70413a080855", "SupportTicketId": "", "Target": [{"ID": "Application_a2d68f8b-ab9f-47ac-934f-b966c3ac134f", "Type": 2}, {"ID": "a2d68f8b-ab9f-47ac-934f-b966c3ac134f", "Type": 2}, {"ID": "Application", "Type": 2}, {"ID": "TestApp2", "Type": 1}, {"ID": "95106c0e-3519-450e-8e38-7f326d873454", "Type": 2}], "TargetContextId": "58aee3b9-7433-46a0-b54e-2429487992a0"} {"CreationTime": "2023-09-01T17:15:44", "Id": "58ebac08-cea8-4e75-93c3-8f77c56ac9c0", "Operation": "Add service principal.", "OrganizationId": "58aee3b9-7433-46a0-b54e-2429487992a0", "RecordType": 8, "ResultStatus": "Success", "UserKey": "1003BFFD98415B4E@contoso.onmicrosoft.com", "UserType": 0, "Version": 1, "Workload": "AzureActiveDirectory", "ObjectId": "95106c0e-3519-450e-8e38-7f326d873454", "UserId": "attacker@contoso.onmicrosoft.com", "AzureActiveDirectoryEventType": 1, "ExtendedProperties": [{"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36\",\"AppId\":\"95106c0e-3519-450e-8e38-7f326d873454\"}"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}], "ModifiedProperties": [{"Name": "AccountEnabled", "NewValue": "[\r\n true\r\n]", "OldValue": "[]"}, {"Name": "AppPrincipalId", "NewValue": "[\r\n \"95106c0e-3519-450e-8e38-7f326d873454\"\r\n]", "OldValue": "[]"}, {"Name": "DisplayName", "NewValue": "[\r\n \"TestApp2\"\r\n]", "OldValue": "[]"}, {"Name": "ServicePrincipalName", "NewValue": "[\r\n \"95106c0e-3519-450e-8e38-7f326d873454\"\r\n]", "OldValue": "[]"}, {"Name": "Credential", "NewValue": "[\r\n {\r\n \"CredentialType\": 2,\r\n \"KeyStoreId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\",\r\n \"KeyGroupId\": \"291154f0-a9f5-45bb-87be-9c8ee5b6d62c\"\r\n }\r\n]", "OldValue": "[]"}, {"Name": "Included Updated Properties", "NewValue": "AccountEnabled, AppPrincipalId, DisplayName, ServicePrincipalName, Credential", "OldValue": ""}, {"Name": "TargetId.ServicePrincipalNames", "NewValue": "95106c0e-3519-450e-8e38-7f326d873454", "OldValue": ""}], "Actor": [{"ID": "attacker@contoso.onmicrosoft.com", "Type": 5}, {"ID": "1003BFFD98415B4E", "Type": 3}, {"ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "Type": 2}, {"ID": "User_e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "User", "Type": 2}], "ActorContextId": "58aee3b9-7433-46a0-b54e-2429487992a0", "InterSystemsId": "a4bb688d-a319-4455-aa50-de779e72f309", "IntraSystemId": "a2d4d7c4-727c-401b-9e6c-70413a080855", "SupportTicketId": "", "Target": [{"ID": "ServicePrincipal_21ad62af-992e-4a9f-b6c1-67aa6c8a6eb4", "Type": 2}, {"ID": "21ad62af-992e-4a9f-b6c1-67aa6c8a6eb4", "Type": 2}, {"ID": "ServicePrincipal", "Type": 2}, {"ID": "TestApp2", "Type": 1}, {"ID": "95106c0e-3519-450e-8e38-7f326d873454", "Type": 2}, {"ID": "95106c0e-3519-450e-8e38-7f326d873454", "Type": 4}], "TargetContextId": "58aee3b9-7433-46a0-b54e-2429487992a0"} {"CreationTime": "2023-09-01T17:15:43", "Id": "2e49d9cf-8d9b-43b4-ba55-fdcd6a835cb0", "Operation": "Add application.", "OrganizationId": "58aee3b9-7433-46a0-b54e-2429487992a0", "RecordType": 8, "ResultStatus": "Success", "UserKey": "1003BFFD98415B4E@contoso.onmicrosoft.com", "UserType": 0, "Version": 1, "Workload": "AzureActiveDirectory", "ObjectId": "Application_a2d68f8b-ab9f-47ac-934f-b966c3ac134f", "UserId": "attacker@contoso.onmicrosoft.com", "AzureActiveDirectoryEventType": 1, "ExtendedProperties": [{"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36\",\"AppId\":\"95106c0e-3519-450e-8e38-7f326d873454\"}"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}], "ModifiedProperties": [{"Name": "AppId", "NewValue": "[\r\n \"95106c0e-3519-450e-8e38-7f326d873454\"\r\n]", "OldValue": "[]"}, {"Name": "AvailableToOtherTenants", "NewValue": "[\r\n false\r\n]", "OldValue": "[]"}, {"Name": "DisplayName", "NewValue": "[\r\n \"TestApp2\"\r\n]", "OldValue": "[]"}, {"Name": "RequiredResourceAccess", "NewValue": "[\r\n {\r\n \"ResourceAppId\": \"00000003-0000-0000-c000-000000000000\",\r\n \"RequiredAppPermissions\": [\r\n {\r\n \"EntitlementId\": \"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\r\n \"DirectAccessGrant\": false,\r\n \"ImpersonationAccessGrants\": [\r\n 20\r\n ]\r\n }\r\n ],\r\n \"EncodingVersion\": 1\r\n }\r\n]", "OldValue": "[]"}, {"Name": "PublisherDomain", "NewValue": "[\r\n \"contoso.onmicrosoft.com\"\r\n]", "OldValue": "[]"}, {"Name": "Included Updated Properties", "NewValue": "AppId, AvailableToOtherTenants, DisplayName, RequiredResourceAccess, PublisherDomain", "OldValue": ""}], "Actor": [{"ID": "attacker@contoso.onmicrosoft.com", "Type": 5}, {"ID": "1003BFFD98415B4E", "Type": 3}, {"ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "Type": 2}, {"ID": "User_e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "User", "Type": 2}], "ActorContextId": "58aee3b9-7433-46a0-b54e-2429487992a0", "InterSystemsId": "64a8de3e-b4b2-4b36-a1bc-bf19a6ae3a19", "IntraSystemId": "a2d4d7c4-727c-401b-9e6c-70413a080855", "SupportTicketId": "", "Target": [{"ID": "Application_a2d68f8b-ab9f-47ac-934f-b966c3ac134f", "Type": 2}, {"ID": "a2d68f8b-ab9f-47ac-934f-b966c3ac134f", "Type": 2}, {"ID": "Application", "Type": 2}, {"ID": "TestApp2", "Type": 1}, {"ID": "95106c0e-3519-450e-8e38-7f326d873454", "Type": 2}], "TargetContextId": "58aee3b9-7433-46a0-b54e-2429487992a0"} {"CreationTime": "2023-09-01T17:10:56", "Id": "43581925-c9c0-4cf0-8f14-83853ec1e63d", "Operation": "Delete application.", "OrganizationId": "58aee3b9-7433-46a0-b54e-2429487992a0", "RecordType": 8, "ResultStatus": "Success", "UserKey": "1003BFFD98415B4E@contoso.onmicrosoft.com", "UserType": 0, "Version": 1, "Workload": "AzureActiveDirectory", "ObjectId": "Application_acdcd612-0053-407b-88f1-ebe32e193cee", "UserId": "attacker@contoso.onmicrosoft.com", "AzureActiveDirectoryEventType": 1, "ExtendedProperties": [{"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36\",\"AppId\":\"c1d6e216-dfbf-4c1f-818d-d6bfc99f0694\"}"}, {"Name": "extendedAuditEventCategory", "Value": "Application"}], "ModifiedProperties": [], "Actor": [{"ID": "attacker@contoso.onmicrosoft.com", "Type": 5}, {"ID": "1003BFFD98415B4E", "Type": 3}, {"ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "Type": 2}, {"ID": "User_e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "User", "Type": 2}], "ActorContextId": "58aee3b9-7433-46a0-b54e-2429487992a0", "InterSystemsId": "12534c88-4425-477a-a40f-ea74457a7c9b", "IntraSystemId": "a2d4d7c4-727c-401b-9e6c-70413a080855", "SupportTicketId": "", "Target": [{"ID": "Application_acdcd612-0053-407b-88f1-ebe32e193cee", "Type": 2}, {"ID": "acdcd612-0053-407b-88f1-ebe32e193cee", "Type": 2}, {"ID": "Application", "Type": 2}, {"ID": "TestApp1", "Type": 1}, {"ID": "c1d6e216-dfbf-4c1f-818d-d6bfc99f0694", "Type": 2}], "TargetContextId": "58aee3b9-7433-46a0-b54e-2429487992a0"} {"CreationTime": "2023-09-01T17:10:56", "Id": "730cbb8e-962e-43e6-b442-aaf3bc8dfece", "Operation": "Remove service principal.", "OrganizationId": "58aee3b9-7433-46a0-b54e-2429487992a0", "RecordType": 8, "ResultStatus": "Success", "UserKey": "1003BFFD98415B4E@contoso.onmicrosoft.com", "UserType": 0, "Version": 1, "Workload": "AzureActiveDirectory", "ObjectId": "c1d6e216-dfbf-4c1f-818d-d6bfc99f0694", "UserId": "attacker@contoso.onmicrosoft.com", "AzureActiveDirectoryEventType": 1, "ExtendedProperties": [{"Name": "additionalDetails", "Value": "{\"User-Agent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36\",\"AppId\":\"c1d6e216-dfbf-4c1f-818d-d6bfc99f0694\"}"}, {"Name": "extendedAuditEventCategory", "Value": "ServicePrincipal"}], "ModifiedProperties": [{"Name": "TargetId.ServicePrincipalNames", "NewValue": "c1d6e216-dfbf-4c1f-818d-d6bfc99f0694", "OldValue": ""}], "Actor": [{"ID": "attacker@contoso.onmicrosoft.com", "Type": 5}, {"ID": "1003BFFD98415B4E", "Type": 3}, {"ID": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "Type": 2}, {"ID": "User_e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "e4c722ac-3b83-478d-8f52-c388885dc30f", "Type": 2}, {"ID": "User", "Type": 2}], "ActorContextId": "58aee3b9-7433-46a0-b54e-2429487992a0", "InterSystemsId": "12534c88-4425-477a-a40f-ea74457a7c9b", "IntraSystemId": "a2d4d7c4-727c-401b-9e6c-70413a080855", "SupportTicketId": "", "Target": [{"ID": "ServicePrincipal_01b95e22-4308-41f0-abec-9c49aa213698", "Type": 2}, {"ID": "01b95e22-4308-41f0-abec-9c49aa213698", "Type": 2}, {"ID": "ServicePrincipal", "Type": 2}, {"ID": "TestApp1", "Type": 1}, {"ID": "c1d6e216-dfbf-4c1f-818d-d6bfc99f0694", "Type": 2}, {"ID": "c1d6e216-dfbf-4c1f-818d-d6bfc99f0694", "Type": 4}], "TargetContextId": "58aee3b9-7433-46a0-b54e-2429487992a0"}