Managed Sentinel – Alert 075

Alert IDMS-A075
Alert NameMultiple users email forwarded to same destination
DescriptionThis alert will trigger for users that have been active in last 90 days, but not in the last 60 days
Severity LevelInformational
Threat Indicator
Log sourcesOffice 365
False Positive
Recommendations1. Review the list of O365 email accounts and validate if these users are not longer part of your organization
2. If yes, remove or disable accounts (free-up licenses)