Product
high
advisory
Entra ID Excessive Account Lockouts Detected
2 rules 3 TTPs
A high volume of failed Microsoft Entra ID sign-in attempts resulting in account lockouts indicates potential brute-force attacks, such as password spraying or credential stuffing, targeting user accounts.
Entra ID
azure
entra_id
credential_access
brute_force
high
advisory
Azure AD Sign-in from New Country/Region
2 rules 1 TTP
Detection of Azure AD sign-ins originating from countries or regions not previously associated with a user, indicating potential account compromise or anomalous activity.
Entra ID
attack.stealth
attack.t1078
attack.persistence
attack.privilege-escalation
attack.initial-access