Suspicious activity

Role assignment administration activity committed by a guest user



Orca detected that an API call to manage network configuration made by a guest user - {AzureUser}, the operation was successful. Azure allows an external user to access the company tenant through their regular account by creating a 'guest' identity within the company's Azure Active Directory (AAD). The action may indicate a presence of an unauthorized actor in the cloud environment since guest users usually don't perform administrative activities and their permissions should be very limited. Since guest users are managed outside of the organization, they are exposed to significant risk. To view the whole list of events, check out the Evidence tab.