Creation and modification of privileged account attributes
This alert is triggered by the creation or modification of privileged account attributes in a Windows domain.
MITRE ATT&CK Tactics
Windows Security Event Logs
Migration of an account into a new domain
If the change is not correlated with an approved internal event (subject to the standard change management processes in your organization), reverse the change in Active Directory. Use Azure Sentinel to query and report all access from the affected user account to other internal resources (lateral movement).
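One way to run the access report described above, as an added example that is not part of the original rule. It assumes Windows Security Event Logs are ingested into the Sentinel `SecurityEvent` table; the account name and the 14-day lookback are placeholders to replace.

```kql
// Added example: report where the affected account has authenticated.
// Assumption: Windows Security events land in the SecurityEvent table.
let affectedAccount = "<affected-account>";   // placeholder: sAMAccountName of the changed account
let lookback = 14d;                           // assumed investigation window, adjust to the change date
SecurityEvent
| where TimeGenerated > ago(lookback)
// 4624 = successful logon, 4625 = failed logon, 4648 = logon with explicit credentials
| where EventID in (4624, 4625, 4648)
| where TargetUserName =~ affectedAccount
| summarize
    Successes     = countif(EventID == 4624),
    Failures      = countif(EventID == 4625),
    ExplicitCreds = countif(EventID == 4648),
    FirstSeen     = min(TimeGenerated),
    LastSeen      = max(TimeGenerated)
    by Computer, IpAddress, LogonType
| order by LastSeen desc
```

Hosts or source addresses that first appear after the attribute change, especially with network (type 3) or remote interactive (type 10) logons, are the ones to review first.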