Modify Authentication Process: Conditional Access Policies

Other sub-techniques of Modify Authentication Process (9)

ID	Name
ATAGS-T1055.001	Domain Controller Authentication
ATAGS-T1055.002	Multi-Factor Authentication
ATAGS-T1055.003	Network Device Authentication
ATAGS-T1055.004	Network Provider DLL
ATAGS-T1055.005	Password Filter DLL
ATAGS-T1055.006	Pluggable Authentication Modules
ATAGS-T1055.007	Reversible Encryption
ATAGS-T1055.008	Conditional Access Policies
ATAGS-T1055.009	Hybrid Identity

Threat Actors may disable or modify conditional access policies to enable persistent access to compromised accounts. Conditional access policies are additional verifications used by identity providers and identity and access management systems to determine whether a user should be granted access to a resource.

ID: ATAGS-T1055.008

Sub-technique of: ATAGS-T1055

ⓘ

Tactic: Execution

ⓘ

Targeted Components: Cloud Control Plane

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.