Managed Sentinel – Alert 069

Alert ID: MS-A069
Alert Name: New Admin account activity seen in O365, not seen before
Description: This helps you discover new admin account activity that was not seen historically. Any new accounts seen in the results can be validated and investigated for suspicious activity.
Source: GitHub - Microsoft
Severity Level: Informational
Threat Indicator: Elevation of Privilege
MITRE ATT&CK Tactics: Initial Access
Log sources: Office 365
False Positive: Approved operational change
Recommendations: Review the identified AD account and validate whether this is a permitted action in your organization.