Registering Fake Agents for Log Spoofing
We talked about Spoofing AAD Logon logs as a ADFS administrator in Spoofing Azure Sign-In Logs, now we'll see how it's possible to do the same as a Global Administrator on the AAD side.
As a Global Admin we can register our own AAD Connect Health agent
or register a new ADFS server
After this setup part we are, once again, free to generate fake login events
To remove the fake agents we created we can use
Last updated