When cyber criminals compromise valid passwords of legitimate users, they often share those credentials. This is usually done by posting them publicly on the dark web or paste sites or by trading or selling the credentials on the black market.
Cloud App Security utilizes Microsoft’s Threat intelligence to match such credentials to the ones used inside your organization.
MITRE ATT&CK Tactics
Microsoft Cloud App Security
1. Immediately reset user credentials (change account password)
2. Notify user about action taken
3. Look for additional indicators of compromise related to the user identified in the alert using Azure Sentinel.