Product
Detects when a service principal or user performs an Azure Arc cluster credential listing operation from a source IP not previously associated with that identity, potentially indicating compromised credentials.