Managed Sentinel – Alert 084

Alert ID: MS-A084
Alert Name: Microsoft Azure Identity Protection alert
Description: This alert notifies on Azure Identity Protection alerts sent to Azure Sentinel. The details are provided in the alert body.
Severity Level: Medium
Threat Indicator: Unauthorized Access
MITRE ATT&CK Tactics: Credential Access, Privilege Escalation
Log sources: Azure Identity Protection
False Positives: Please review every alert for potential false positives. Some detection types require extensive time for tuning before the volume of false positives is reduced.
Recommendations: Each alert type is documented by Microsoft here: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risk-events