PA-08 FAQ

Question 1

What is PA-08 (Risky Service Principal Detection)?

Accepted Answer

PA-08 is a security control that compromised service principals provide persistent, automated access to your tenant. unlike user accounts, service principals operate without mfa and can perform actions at scale. detecting risky service principals is critical for preventing supply chain attacks. It requires that identity protection monitors service principal risk and no medium or high-risk service principals are active, compromised service principals are investigated and disabled promptly.

Question 2

Why is Risky Service Principal Detection important for Microsoft 365 security?

Accepted Answer

Compromised service principals provide persistent, automated access to your tenant. Unlike user accounts, service principals operate without MFA and can perform actions at scale. Detecting risky service principals is critical for preventing supply chain attacks.

Question 3

How do I implement PA-08 in my tenant?

Accepted Answer

Can disable compromised service principals. Requires Workload Identities Premium.

Question 4

What license do I need for PA-08?

Accepted Answer

This control requires Azure AD Premium P1 (included in Microsoft 365 E3) or higher.

Question 5

Which security baseline includes PA-08?

Accepted Answer

PA-08 is included in the Enhanced Security baseline (Level 2). This level adds stricter controls for security-conscious organizations.

Question 6

Why is PA-08 marked as critical severity?

Accepted Answer

PA-08 is rated critical because failure to implement this control significantly increases the risk of security incidents. Compromised service principals provide persistent, automated access to your tenant. Unlike user accounts, service principals operate without MFA and can perform actions at scale. Detecting risky service principals is critical for preventing supply chain attacks.

PA-08: Risky Service Principal Detection

Related Resources

Still have questions?