Managed Sentinel – Alert 191

Alert IDMS-A191
Alert NameSuccessful logon from IP and failure from a different IP
DescriptionThis alert identifies when a user account successfully logs onto an Azure App from one IP and within 10 mins failed to logon to the same App via a different IP.
Severity LevelMedium
Threat Indicator
MITRE ATT&CK TacticsInitialAccess
Log sourcesSigninLogs
False Positives