Managed Sentinel – Alert 196
| Alert ID | MS-A196 |
| Alert Name | Suspicious granting of permissions to an Azure AD account |
| Description | This alert identifies IPs from which users grant access to other users on azure resources and alerts when a previously unseen source IP address is used. |
| Severity Level | Medium |
| Threat Indicator | |
| MITRE ATT&CK Tactics | Initial Access Defense Evasion |
| Log sources | AzureActivity |
| False Positives | |
| Recommendations |