Tag

Microsoft_365

1 brief RSS

M365 or Entra ID Identity Sign-in from a Suspicious Source

This rule correlates Entra-ID or Microsoft 365 mail successful sign-in events with network security alerts by source address, indicating potential initial access by adversaries triggering network security alerts before accessing cloud resources.

Microsoft 365 +1 cloud saas azure entra_id microsoft_365 initial_access

2r 1t 1h ago