This alert detects when a Zoom user was promoted to a privileged role. Impact Depends or the role, An adversary will want to add himself as an admin or a privileged user to get full access to the account resources such as users, meetings and data. Mitigation Validate this action has been approved. If it was not, revert changes and investigate further. MITRE Tactic: TA0004 MITRE Technique: T1548

This alert detects when meeting passcode requirement has been disabled from a user group. Impact Turning off the passcode requirement for new meetings can lead to unauthenticated access to meetings as well as other resources throughout the organizations account. Mitigation Validate this action has been approved. If it was not, revert changes and investigate further. MITRE Tactic: TA0005 MITRE Technique: T1562

This alert detects when the 2FA security setting has been disabled for your Zoom account. Impact An adversary could change this setting to gain access to other privileged accounts. Mitigation Validate this action has been approved. If it was not, revert changes and investigate further. MITRE Tactic: TA0006 MITRE Technique: T1556

This alert detects when the sign-in method has changed for your Zoom account. Impact An adversary might change the sign in method to disrupt day to day operations or use it to gain access to other privileged accounts. Mitigation Validate this action has been approved. If it was not, revert changes and investigate further. MITRE Tactic: TA0006 MITRE Technique: T1556

This alert detects a change in the sign-in requirements for your Zoom account. Impact An adversary might change the sign in requirements to disrupt day to day operations or use it to gain access to other privileged accounts. Mitigation Validate this action has been approved. If it was not, revert changes and investigate further. MITRE Tactic: TA0005 MITRE Technique: T1562

This alert detects when the setting - "automatically sign out external users after a specified period of time" has been disabled for your Zoom account. Impact Allowing guests and non SSO authenticated users to remain signed in to the organization's account can lead to unauthorized access to the zoom account's resources like meetings, calls and chats. Mitigation Validate this action has been approved. If it was not, revert changes and investigate further. MITRE Tactic: TA0005 MITRE Technique: T1562

This alert detects when the setting - "require that all meetings are secured with one security option" has been disabled for your Zoom account.. Impact Potentially exposes new meetings to unauthorized guests and increases the risk of a compromise to your Zoom account and users data. Mitigation Validate this action has been approved. If it was not, revert changes and investigate further. MITRE Tactic: TA0005 MITRE Technique: T1562

This alert detect when the meeting passcode requirement setting has been disabled from a user group. Impact Depends on the resource, please see the logs for more detail. Mitigation Validate this action has been approved. If it was not, revert changes and investigate further. MITRE Tactic: TA0009 MITRE Technique: T1125