Managed Sentinel – Alert 191
| Alert ID | MS-A191 |
| Alert Name | Successful logon from IP and failure from a different IP |
| Description | This alert identifies when a user account successfully logs onto an Azure App from one IP and within 10 mins failed to logon to the same App via a different IP. |
| Severity Level | Medium |
| Threat Indicator | |
| MITRE ATT&CK Tactics | InitialAccess Persistence DefenseEvasion |
| Log sources | SigninLogs |
| False Positives | |
| Recommendations |