Managed Sentinel – Alert 037

Alert IDMS-A037
Alert NameFailed login attempts to Azure Portal
DescriptionAccess attempts to Azure Portal from an unauthorized user. Either invalid password or the user account does not exist.
Severity LevelInformational
Threat IndicatorImproper Usage
MITRE ATT&CK TacticsInitial Access
Log sourcesAzureActivity
False Positive
Recommendations1. Brute force attack indicator against the Azure Portal.
2. Change password for admin accounts.