You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/identity-protection/howto-identity-protection-simulate-risk.md
+8-4Lines changed: 8 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,7 +27,7 @@ This article provides you with steps for simulating the following risk detection
27
27
- Anonymous IP address (easy)
28
28
- Unfamiliar sign-in properties (moderate)
29
29
- Atypical travel (difficult)
30
-
- Leaked Credentials in GitHub for Workload Identities (moderate)
30
+
- Leaked credentials in GitHub for workload identities (moderate)
31
31
32
32
Other risk detections cannot be simulated in a secure manner.
33
33
@@ -84,15 +84,19 @@ The sign-in shows up in the Identity Protection dashboard within 2-4 hours.
84
84
85
85
## Leaked Credentials for Workload Identities
86
86
87
-
This risk detection indicates that the application's valid credentials have been leaked. This leak can occur when someone checks in the credentials in a public code artifact on GitHub. Therefore, to simulate this detection, you need a GitHub account and can [sign up a GitHub account](https://docs.github.com/en/get-started/signing-up-for-github) if you don't have one already.
87
+
This risk detection indicates that the application's valid credentials have been leaked. This leak can occur when someone checks in the credentials in a public code artifact on GitHub. Therefore, to simulate this detection, you need a GitHub account and can [sign up a GitHub account](https://docs.github.com/get-started/signing-up-for-github) if you don't have one already.
88
88
89
89
**To simulate Leaked Credentials in GitHub for Workload Identities, perform the following steps**:
90
90
1. Navigate to the [Azure portal](https://portal.azure.com).
91
91
2. Browse to **Azure Active Directory** > **App registrations**.
92
92
3. Select **New registration** to register a new application or reuse an exsiting stale application.
93
-
4. Select **Certificates & Secrets** > **New client Secret** , add a description of your client secret and set an expiration for the secret or specify a custom lifetime and click **Add**. Record the secret's value for later use for your GitHub Commit. Note: **You can not retrieve the secret again after you leave this page**.
93
+
4. Select **Certificates & Secrets** > **New client Secret** , add a description of your client secret and set an expiration for the secret or specify a custom lifetime and click **Add**. Record the secret's value for later use for your GitHub Commit.
94
+
95
+
> [!Note]
96
+
> **You can not retrieve the secret again after you leave this page**.
97
+
94
98
5. Get the TenantID and Application(Client)ID in the **Overview** page.
95
-
6. Ensure you disable the application via **Azure Active Directory** > **Enterprise Application** > **Properties** > Set **Enabled for users to sign-in** to **No**
99
+
6. Ensure you disable the application via **Azure Active Directory** > **Enterprise Application** > **Properties** > Set **Enabled for users to sign-in** to **No**.
96
100
7. Create a **public** GitHub Repository, add the following config and commit the change.
0 commit comments