Add-RoleGroupMember - Detecting Persistence in Microsoft 365 Exchange with Purav Desai

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/8f/8b/4b/8f8b4b7c-0aef-e162-be28-476d9a9e7d36/mza_9900111694076175621.jpg/600x600bb.jpg

Detection Opportunities

CYBERWOX

9 episodes

5 days ago

Detection Opportunities is a podcast for security professionals who care about building resilient detection and response systems. Each episode explores real-world attacks, breaks down how signals become insights, and dives into the engineering mindset behind effective threat detection, investigation, and defense. Grounded in frontline experience across SIEM development, security operations, incident response, and threat hunting, this show brings a practical, systems-level lens to modern security engineering.

Technology

RSS

All content for Detection Opportunities is the property of CYBERWOX and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/43563165/43563165-1745889509474-7bb8047c5945c.jpg

Add-RoleGroupMember - Detecting Persistence in Microsoft 365 Exchange with Purav Desai | EP. 6

Detection Opportunities

25 minutes 40 seconds

6 months ago

Add-RoleGroupMember - Detecting Persistence in Microsoft 365 Exchange with Purav Desai | EP. 6

Learn how to decipher the Microsoft Unified Audit Log (UAL) from a Digital Forensics & Incident Response (DFIR) perspective with Purav Desai, an experienced M365/Azure Incident Responder. In today's episode, we explore the Add-RoleGroupMember operation in Exchange Online.

Purav's LinkedIn

Deciphering UAL

Microsoft Application IDs

Permission Alert Policy

_____________

TIMESTAMPS:

00:00 Intro

00:48 Add-RoleGroupMember Overview

03:22 The Result Status

04:53 The Application IDs

08:59 Key Fields of Note

10:39 Fields to Decipher