Managed Sentinel – Alert 192
| Alert ID | MS-A192 |
| Alert Name | Distributed Password cracking attempts in Azure AD |
| Description | This alert identifies distributed password cracking attempts from the Azure Active Directory SigninLogs. The query looks for an unusually high number of failed password attempts coming from multiple locations for a single user account. |
| Severity Level | Medium |
| Threat Indicator | |
| MITRE ATT&CK Tactics | Credential Access |
| Log sources | SigninLogs |
| False Positives | |
| Recommendations | |
