Lab539 - Tailored Cyber Defence


AiTM Feed - Conditional Access

This post details how to use the Lab539 Adversary in The Middle service to subscribe to the conditional access service and benefit from a named location feed that is updated in real time.

If you are not already a subscriber then you can subscribe here. The conditional access service requires the Defender package.

Video Setup Guide

Permissions

The following inbuilt roles will suffice for any account you wish to register with the service:

If you would like to specify roles then these are the permissions the service requests:

  • Policy.ReadWrite.ConditionalAccess

  • Policy.Read.All

In addition we request the offline_access scope so that we can update the named location without requiring you to authenticate each time. This scope issues a refresh token to the service; revoking the consent grant for the service principal (or the refresh tokens of the account used) ends that access.

  • scope=offline_access

These are the configurations from within the app registration:

Accounts

You do not need to use the account with which you registered for the AiTM feed subscription. Within the portal you can specify the account you would like to use for this aspect of the service. As long as that account holds the required permissions, it will work:
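As an added check that is not part of the original post or of Lab539's service, the following Microsoft Graph PowerShell script verifies, from the subscriber's side, what the Permissions and Accounts sections above describe: that the consent granted to the service principal is limited to Policy.ReadWrite.ConditionalAccess, Policy.Read.All and offline_access, which account (or all users) granted it, and which IP named locations exist for it to update. The service principal display name `Lab539 AiTM Feed` is an assumption used as a placeholder; take the real name from the consent prompt or the Enterprise applications blade. The `Connect-MgGraph`, `Get-MgServicePrincipal`, `Get-MgOauth2PermissionGrant` and `Get-MgIdentityConditionalAccessNamedLocation` cmdlets are from the Microsoft Graph PowerShell SDK.

```powershell
# Added example, not Lab539's code: audit the delegated consent granted to the AiTM feed
# service principal and list the IP named locations it is able to update.
# ASSUMPTION: the display name below is a placeholder for the real service principal name.
$appDisplayName = 'Lab539 AiTM Feed'

# Scopes the post says the service requests; anything beyond these deserves a question.
$expectedScopes = @('Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'offline_access')

# Read-only scopes for this audit: Directory.Read.All reads consent grants,
# Policy.Read.All reads named locations.
Connect-MgGraph -Scopes 'Directory.Read.All', 'Policy.Read.All' -NoWelcome

$sp = Get-MgServicePrincipal -Filter "displayName eq '$appDisplayName'"
if (-not $sp) {
    throw "No service principal named '$appDisplayName'; consent has not been granted in this tenant."
}

# Microsoft Graph's well-known application ID: every grant should point at this resource.
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"

$grants = @(Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'")
if ($grants.Count -eq 0) {
    Write-Warning "Service principal exists but holds no delegated permission grants."
}

foreach ($grant in $grants) {
    # Scope is a single space-separated string, e.g. "Policy.Read.All offline_access".
    $granted = $grant.Scope.Trim() -split '\s+' | Where-Object { $_ }
    $extra   = @($granted | Where-Object { $_ -notin $expectedScopes })
    $missing = @($expectedScopes | Where-Object { $_ -notin $granted })

    # AllPrincipals means admin consent on behalf of every user; Principal means one account
    # (the one chosen in the Lab539 portal for this aspect of the service).
    $consentedBy = if ($grant.ConsentType -eq 'AllPrincipals') { 'all users (admin consent)' }
                   else { "single principal $($grant.PrincipalId)" }

    Write-Host "Grant $($grant.Id): consented by $consentedBy"
    Write-Host "  Scopes: $($granted -join ', ')"
    if ($grant.ResourceId -ne $graphSp.Id) {
        Write-Warning "  Grant targets resource $($grant.ResourceId), not Microsoft Graph."
    }
    if ($extra.Count)   { Write-Warning "  Scopes beyond those documented: $($extra -join ', ')" }
    if ($missing.Count) { Write-Warning "  Documented scopes not granted: $($missing -join ', ')" }
    if (-not $extra.Count -and -not $missing.Count) { Write-Host "  Scopes match the documented set." }
}

# IP named locations the service can update; a recent ModifiedDateTime on the feed's
# location is the simplest sign that the real-time updates are arriving.
Get-MgIdentityConditionalAccessNamedLocation -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.ipNamedLocation' } |
    ForEach-Object {
        $ranges = @($_.AdditionalProperties['ipRanges'] | ForEach-Object { $_['cidrAddress'] })
        [pscustomobject]@{
            Name       = $_.DisplayName
            Id         = $_.Id
            IsTrusted  = [bool]$_.AdditionalProperties['isTrusted']
            RangeCount = $ranges.Count
            Modified   = $_.ModifiedDateTime
        }
    } | Format-Table -AutoSize
```

Run it as an account that can read the directory and conditional access policies; it needs none of the write scopes the service itself requests. A grant with `ConsentType` of `Principal` confirms that only the account chosen in the portal, not every user, has authorised the service.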