Managed Sentinel – Alert 069
Alert ID | MS-A069 |
Alert Name | New Office 365 admin activity detected |
Description | This alert helps you discover new admin account activity, that is, activity from admin accounts that were seen recently but were not seen historically. Any new accounts in the results can be validated and investigated for suspicious activity. Please note that this use case is very noisy, and it is recommended to tune it regularly. |
Severity Level | Informational |
Threat Indicator | Unauthorized activity |
MITRE ATT&CK Tactics | Credential Access |
Log sources | Office 365 |
False Positive | Approved operational change(s) |
Recommendations | 1. Review the identified AD account and validate whether this change is a permitted action within your organization. 2. Investigate other activities within your network from the same originator. |
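
The comparison the description refers to (admin accounts active recently that do not appear in a historical baseline) can be sketched as follows. This is an added example, not the Managed Sentinel rule itself: the 14-day baseline, 1-day recent window, the allowlist used for tuning, the function name and the sample records are all assumptions, and the field names are modeled on the Office 365 audit record (CreationTime, UserId, UserType, Operation).

```python
from datetime import datetime, timedelta

# Constructed sample records (not real log data). UserType 2 is assumed to
# mean Admin and 3 DcAdmin, as in the Office 365 audit schema.
NOW = datetime(2024, 5, 15, 0, 0)
SAMPLE = [
    {"CreationTime": "2024-05-03T09:12:00", "UserId": "Admin1@contoso.example",
     "UserType": 2, "Operation": "Set-Mailbox"},
    {"CreationTime": "2024-05-14T10:00:00", "UserId": "admin1@contoso.example",
     "UserType": 2, "Operation": "Set-Mailbox"},
    {"CreationTime": "2024-05-14T11:30:00", "UserId": "newadmin@contoso.example",
     "UserType": 2, "Operation": "Add member to role."},
    {"CreationTime": "2024-05-14T11:45:00", "UserId": "newadmin@contoso.example",
     "UserType": 2, "Operation": "Set-Mailbox"},
    {"CreationTime": "2024-05-14T13:00:00", "UserId": "svc-backup@contoso.example",
     "UserType": 2, "Operation": "New-InboxRule"},
    {"CreationTime": "2024-05-14T14:00:00", "UserId": "user7@contoso.example",
     "UserType": 0, "Operation": "MailItemsAccessed"},
]
ADMIN_TYPES = {2, 3}


def new_admin_activity(records, now, baseline_days=14, recent_days=1, allowlist=()):
    """Return {admin account: sorted operations} for admins active in the
    recent window that were never seen in the preceding baseline window."""
    recent_start = now - timedelta(days=recent_days)
    baseline_start = recent_start - timedelta(days=baseline_days)
    allowed = {a.lower() for a in allowlist}
    baseline, recent = set(), {}
    for rec in records:
        if rec["UserType"] not in ADMIN_TYPES:
            continue  # only admin-type activity is in scope for this alert
        ts = datetime.fromisoformat(rec["CreationTime"])
        user = rec["UserId"].lower()  # normalise case so one account is one key
        if baseline_start <= ts < recent_start:
            baseline.add(user)
        elif recent_start <= ts <= now:
            recent.setdefault(user, set()).add(rec["Operation"])
    # Anti-join: keep recent admins absent from the baseline and the allowlist
    return {u: sorted(ops) for u, ops in recent.items()
            if u not in baseline and u not in allowed}


if __name__ == "__main__":
    print("untuned:", new_admin_activity(SAMPLE, NOW))
    print("tuned:  ", new_admin_activity(
        SAMPLE, NOW, allowlist=["svc-backup@contoso.example"]))
```

The allowlist is where approved operational changes (the false-positive source listed above) would be recorded during regular tuning.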