This alert indicates accounts recorded with 100 or more failures events in Azure AD SignInLogs.
MITRE ATT&CK Tactics
Applications using expired accounts
1. Identify the account owner and inquire about the failed logins
2. Lookup the source (location) of the login attempts
3. Identify applications used by the affected account
4. Lookup historical data for the affected account activity.