
Managed Sentinel – Alert 007

Alert ID: MS-A007
Alert Name: Azure AD signins from new locations
Description: New Azure Active Directory sign-in locations today versus historical Azure Active Directory sign-in data. In the case of password spraying or brute force attacks, one might see authentication attempts for many accounts from a new location.
Source: GitHub - Microsoft
Severity Level: Informational
Threat Indicator: Unauthorized Access
MITRE ATT&CK Tactics: Initial Access
Log sources: Azure Sign-in Logs
False Positives: VPN access in some special situations
Recommendations: Investigate if this user account is legitimate. If not, change the Azure AD user account password.
