Managed Sentinel – Alert 006
| Alert ID | MS-A006 |
| Alert Name | Azure application(s) added |
| Description | This alert identifies Azure applications added via OAUTH/SAML |
| Severity Level | Low |
| Threat Indicator | Unauthorized Access |
| MITRE ATT&CK Tactics | Initial Access |
| Log sources | Azure Activity |
| False Positives | Approved applications |
| Recommendations | 1. Investigate the Azure application recently added 2. Investigate account which consent to this application, and identify if this is a legitimate action 3. if not, disable the account and remvoe application |