Managed Sentinel – Alert 007
Alert ID | MS-A007 |
Alert Name | Azure AD signins from new locations |
Description | New Azure Active Directory sign-in locations today versus historical Azure Active Directory sign-in data. In the case of password spraying or brute force attacks, one might see authentication attempts for many accounts from a new location. Source: GitHub - Microsoft |
Severity Level | Informational |
Threat Indicator | Unauthorized Access |
MITRE ATT&CK Tactics | Initial Access |
Log sources | Azure Sign-in Logs |
False Positives | VPN access in some special situations |
Recommendations | Investigate whether this user account is legitimate. If not, change the Azure AD user account password. |
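
The comparison named in the description (today's sign-in locations against a historical baseline, with many accounts from one new location as the spraying signal), as an added Python example that is not the Microsoft query this alert is sourced from. The records are constructed; the field names mirror Azure sign-in log columns, and the 1-day and 14-day windows are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)  # constructed "today"

def rec(hours_ago, user, location, result="0"):
    """Build one constructed sign-in record (ResultType "0" means success)."""
    return {"TimeGenerated": NOW - timedelta(hours=hours_ago),
            "UserPrincipalName": user, "Location": location, "ResultType": result}

# Constructed sample data: CA and US are established, RO and DE appear only today.
SIGNINS = [
    rec(216, "alice@contoso.example", "CA"),
    rec(144, "bob@contoso.example", "CA"),
    rec(72, "carol@contoso.example", "US"),
    rec(5, "alice@contoso.example", "CA"),
    rec(7, "bob@contoso.example", "DE"),
    rec(2, "alice@contoso.example", "RO", "50126"),
    rec(2, "bob@contoso.example", "RO", "50126"),
    rec(2, "carol@contoso.example", "RO", "50126"),
]

def new_location_signins(signins, now, recent=timedelta(days=1),
                         lookback=timedelta(days=14)):
    """Summarise sign-ins from locations seen in the recent window only."""
    recent_start = now - recent
    baseline_start = recent_start - lookback
    baseline = {s["Location"] for s in signins
                if baseline_start <= s["TimeGenerated"] < recent_start}
    found = defaultdict(lambda: {"accounts": set(), "failed": 0, "succeeded": 0})
    for s in signins:
        loc = s["Location"]
        # Skip baseline-window events, records without a resolved location,
        # and locations already present in the baseline.
        if s["TimeGenerated"] < recent_start or not loc or loc in baseline:
            continue
        found[loc]["accounts"].add(s["UserPrincipalName"])
        found[loc]["succeeded" if s["ResultType"] == "0" else "failed"] += 1
    return dict(found)

def triage_order(summary):
    """New locations with the most distinct accounts first (spraying pattern)."""
    return sorted(summary, key=lambda loc: (-len(summary[loc]["accounts"]), loc))

if __name__ == "__main__":
    summary = new_location_signins(SIGNINS, NOW)
    for loc in triage_order(summary):
        s = summary[loc]
        print(loc, sorted(s["accounts"]), "failed:", s["failed"], "ok:", s["succeeded"])
```

A single account succeeding from one new location (DE in the sample) matches the VPN false-positive case listed above, while several accounts failing from the same new location (RO) is the pattern worth investigating first.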