Managed Sentinel – Alert 041
| Alert ID | MS-A041 |
| Alert Name | Granting elevated permissions to an account in Azure |
| Description | Shows the most prevalent users who grant access to others on azure resources and for each account their common source ip address Source: Github - Microsoft |
| Severity Level | Low |
| Threat Indicator | Improper Usage |
| MITRE ATT&CK Tactics | Persistence |
| Log sources | AzureActivity |
| False Positive | |
| Recommendations | If an operation is not from this IP address it may be worthy of investigation. |