Managed Sentinel – Alert 075
| Alert ID | MS-A075 |
| Alert Name | Multiple users email forwarded to same destination |
| Description | This alert will trigger for users that have been active in last 90 days, but not in the last 60 days |
| Severity Level | Informational |
| Threat Indicator | |
| MITRE ATT&CK Tactics | |
| Log sources | Office 365 |
| False Positive | |
| Recommendations | 1. Review the list of O365 email accounts and validate if these users are not longer part of your organization 2. If yes, remove or disable accounts (free-up licenses) |