Tag
This analytic detects the usage of the Azure CLI to interact with user accounts, such as creating or deleting a user, potentially indicating malicious activity aimed at maintaining persistence and evading detection within an Entra ID environment.