Managed Sentinel – Alert 006

Alert IDMS-A006
Alert NameAzure application(s) added
DescriptionThis alert identifies Azure applications added via OAUTH/SAML
Severity LevelLow
Threat IndicatorUnauthorized Access
MITRE ATT&CK TacticsInitial Access
Log sourcesAzure Activity
False PositivesApproved applications
Recommendations1. Investigate the Azure application recently added
2. Investigate account which consent to this application, and identify if this is a legitimate action
3. if not, disable the account and remvoe application