1. Investigate the impacted VPN accounts status and ownership
2. If required reset account access credentials
3. Reach out to end user to validate the situation
4. If proven not be a false positive, perform an investigation via Azure Sentinel console to find out if any other connections inside of corporate network was completed by the VPN users.