Multiple successful VPN logins for different users from same IP address
This alert indicates that two or more VPN users successful connected from the same IP address.
MITRE ATT&CK Tactics
1. Company staff gathering in a single remote location
1. Investigate the impacted VPN accounts status and ownership
2. If required reset account access credentials
3. Reach out to end user to validate the situation
4. If proven not be a false positive, perform an investigation via Azure Sentinel console to find out if any other connections inside of corporate network was completed by the VPN users.