Managed Sentinel – Alert 056

Alert ID: MS-A056
Alert Name: Login attempts using Legacy Authentication (Azure)
Description: This query over Azure AD sign-in activity highlights use of legacy authentication protocols in the environment. Because conditional access policies are not evaluated when legacy authentication is used, legacy authentication can be used to circumvent all Azure Conditional Access policies.
Source: GitHub - Microsoft
Severity Level: Low
Threat Indicator: Improper Usage
MITRE ATT&CK Tactics: Initial Access
Log sources: AzureActivity
False Positive
Recommendations: Investigate the failed logins using Sentinel and see if the affected user accounts were used somewhere else in your network. Eventually, reset the passwords for the impacted user accounts.