Managed Sentinel – Alert 133

Alert IDMS-A133
Alert NameRare and potentially high risk Office 365 operations
DescriptionThis will help you identify Office operations that are typically rare and can provide capabilities useful to attackers.
Severity LevelLow
Threat IndicatorImproper Usage
MITRE ATT&CK TacticsPersistence
Collection
Log sourcesOffice 365
False PositiveApproved operational change.
Recommendations1. Investigate via Azure Sentinel the other actions completed by the affected account within your network.