Managed Sentinel – Alert 037

Alert IDMS-A037
Alert NameFailed login attempts to Azure Portal
DescriptionAccess attempts to Azure Portal from an unauthorized user. Either invalid password or the user account does not exist.
Source: Github - Microsoft
Severity LevelInformational
Threat IndicatorImproper Usage
MITRE ATT&CK TacticsInitial Access
Log sourcesAzureActivity
False Positive
Recommendations1. Brute force attack indicator against the Azure Portal.
2. Change password for admin accounts.