ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: DT089
  • Created: 26th July 2024
  • Updated: 26th July 2024
  • Platform: Windows
  • Contributor: The ITM Team

AzureAD PowerShell Log

On Windows, when PowerShell is used to interact with AzureAD, .log files are written to disk in the following location:

C:\Users\<Username>\AppData\Local\Microsoft\AzureAD\Powershell

 

These TXT .log files contain information about activities and the timestamps they occurred, and can help understand how a system is communicating with AzureAD including the account name, tenant ID, and domain name.