Indicates Azure activities recorded from IP addresses listed in the Managed Sentinel Threat Intelligence Feed.
MITRE ATT&CK Tactics
1. Verify the malicious IP address against other Threat Intelligence sources
2. Based on the confidence level, perform an investigation in Azure Sentinel to understand any lateral movement from the IP address into your organization's Azure environment.
3. Disable the Azure AD account used for the remote access
4. Enable MFA
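
For step 2, one way to scope what the flagged IP address did and which accounts it used (the candidates for step 3), as an added example that is not part of the original rule. It assumes the AzureActivity and SigninLogs tables are populated in the workspace; the IP address is a constructed placeholder and the 14-day lookback is an arbitrary choice.

```kusto
// Constructed placeholder from the documentation range (RFC 5737);
// replace with the IP address from the alert.
let suspect_ip = "203.0.113.10";
// Assumed lookback window; widen it if the indicator is older.
let lookback = 14d;
// Azure control-plane operations performed from the IP address.
let activity =
    AzureActivity
    | where TimeGenerated > ago(lookback)
    | where CallerIpAddress == suspect_ip
    | project TimeGenerated,
              Source = "AzureActivity",
              Account = tolower(Caller),
              Operation = OperationNameValue,
              Status = ActivityStatusValue,
              Target = _ResourceId;
// Azure AD sign-ins (successful and failed) from the same IP address.
let signins =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where IPAddress == suspect_ip
    | project TimeGenerated,
              Source = "SigninLogs",
              Account = tolower(UserPrincipalName),
              Operation = AppDisplayName,
              Status = tostring(ResultType),
              Target = ResourceDisplayName;
// One row per account and log source: when it was first and last seen,
// how many events, and which operations and resources were touched.
union activity, signins
| summarize FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Events = count(),
            Operations = make_set(Operation, 50),
            Targets = make_set(Target, 50)
          by Account, Source
| order by FirstSeen asc
```

Accounts that appear in both sources, or whose Targets span several resource groups or subscriptions, are the ones to review first for lateral movement.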