Managed Sentinel – Alert 133
| Alert ID | MS-A133 |
| Alert Name | Rare and potentially high risk Office 365 operations |
| Description | This will help you identify Office operations that are typically rare and can provide capabilities useful to attackers. |
| Severity Level | Low |
| Threat Indicator | Improper Usage |
| MITRE ATT&CK Tactics | Persistence Collection |
| Log sources | Office 365 |
| False Positive | Approved operational change. |
| Recommendations | 1. Investigate via Azure Sentinel the other actions completed by the affected account within your network. |