Managed Sentinel – Alert 196

Alert IDMS-A196
Alert NameSuspicious granting of permissions to an Azure AD account
DescriptionThis alert identifies IPs from which users grant access to other users on azure resources and alerts when a previously unseen source IP address is used.
Severity LevelMedium
Threat Indicator
MITRE ATT&CK TacticsInitial Access
Defense Evasion
Log sourcesAzureActivity
False Positives