Managed Sentinel – Alert 037

Alert IDMS-A037
Alert NameFailed login attempts to Azure Portal
DescriptionAccess attempts to Azure Portal from an unauthorized user. Either invalid password or the user account does not exist.
Source: Github - Microsoft
Severity LevelInformational
Threat IndicatorImproper Usage
MITRE ATT&CK TacticsInitial Access
Log sourcesAzureActivity
False Positive
RecommendationsThis could be an indicator of a brute force attack against the Azure Portal. Change password for admin accounts.