1. Disable user account or change user account password.
2. Use Azure Sentinel to investigate any suspicious access from affected user account to other internal resources (lateral movement).
3. Investigate source host from where the login attempt was tried.
4. Perform an Azure Sentinel investigation for this entity (IP address related to the attacker)