Managed Sentinel – Alert 066
| Field | Value |
|---|---|
| Alert ID | MS-A066 |
| Alert Name | Azure activity from malicious IPs |
| Description | Indicates Azure activities recorded from IP addresses listed in the Managed Sentinel Threat Intelligence Feed |
| Severity Level | Medium |
| Threat Indicator | Unauthorized Access |
| MITRE ATT&CK Tactics | Initial Access |
| Log sources | Azure AD |
| False Positive | |
| Recommendations | 1. Verify the malicious IP address against other Threat Intelligence sources. 2. Based on the confidence level, perform an investigation in Azure Sentinel to understand any lateral movement from the IP address into your organization's Azure environment. 3. Disable the Azure AD account used for the remote access. 4. Enable MFA. |