Microsoft Entra user credentials
This SIT is also included in the All credentials bundled SIT.
Format
A paired username and password related to *.onmicrosoft.com domain.
or
Plain-text password used in code snippets.
or
Plain-text password used in XML configuration.
Pattern
Various username and password formats, for example:
username=...password=********
/user:.../pass:********
SharePointOnlineAuthenticatedContext
sign_in
or
Various password formats in code snippets, for example:
new X509Certificates2( ...
ConvertTo-SecureString -String ********...
password = "********"...
"password" : "********"...
UserPasswordCredential( ...
or
Various password formats in XML, for example:
... <secret>********</secret> ...
... <password>********</password> ...
... <setting name="password" value="********" > ...
... <setting name="password">********</setting> ...
... <setting name="password"><value>********</value></setting> ...
Credential example
[email protected];password=ZYXWVU$1;
Checksum
No
SITs that have checksums use a unique calculation to check if the information is valid. This means when the Checksum value is Yes, the service can make a positive detection based on the sensitive data alone. When the Checksum value is No additional (secondary) elements must also be detected for the service to make a positive detection.
Keyword Highlighting
Supported
When keyword highlighting is supported in the contextual summary for a sensitive information type or a trainable classifier, in the Contextual Summary view of activity explorer, the keywords in a document that were matched to a policy are highlighted.
Definition
This SIT is designed to match the security information that's used as individual user passwords to authenticate against Microsoft Entra ID.
It uses several primary resources:
- Patterns of Plain-text username and password for Microsoft Entra tenants.
- Patterns of Password context in code.
- Patterns of Password context in XML.
- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName.
- Patterns of mockup values, redactions, and placeholders.
- A dictionary of vocabulary.
The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
Keywords
Keyword_AzureActiveDirectoryLoginCredentials:
- password
- pw
- userpass
- credentials
- cmdkey
- Authenti
- sign_in
Keyword_PasswordContextInCode:
- key
- x509c
- credential
- password
- pw
- securestring
Keyword_PasswordContextInXml:
- userpass
- password
- pw
- connectionstring
- key
- credential
- token
- sas
- secret