Managed Sentinel – Alert 037
| Alert ID | MS-A037 |
| Alert Name | Failed login attempts to Azure Portal |
| Description | Access attempts to Azure Portal from an unauthorized user. Either invalid password or the user account does not exist. |
| Severity Level | Informational |
| Threat Indicator | Improper Usage |
| MITRE ATT&CK Tactics | Initial Access |
| Log sources | AzureActivity |
| False Positive | |
| Recommendations | 1. Brute force attack indicator against the Azure Portal. 2. Change password for admin accounts. |