Managed Sentinel – Alert 206

Alert ID: MS-A206
Alert Name: Microsoft Cloud App Security alert
Description: This alert indicates that Microsoft Cloud App Security (MCAS) has raised an alert based on the configured policies.
Severity Level: Medium
Threat Indicator: Various indicators, depending on the user activity that triggered the MCAS alert.
MITRE ATT&CK Tactics: Various tactics, depending on the user activity that triggered the MCAS alert.
Log sources: Microsoft Cloud App Security
Recommendations:
1. Review the suspicious activity identified by MCAS
2. Contact the user if applicable
3. Look for additional indicators of compromise related to the user or the system identified in the alert.