Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Identifies sucessful sign-in events to Finance & Operations and Lifecycle Services using single factor/password authentication. Sign-in events from tenants not using MFA, coming from a Microsoft Entra trusted network location, or from geolocations seen previously in the last 14 days are excluded.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Microsoft Business Applications |
| ID | 919e939f-95e2-4978-846e-13a721c89ea1 |
| Severity | Low |
| Status | Available |
| Kind | Scheduled |
| Tactics | CredentialAccess, InitialAccess |
| Techniques | T1552, T1078 |
| Required Connectors | AzureActiveDirectory |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
SigninLogs |
NetworkLocationDetails !has "trustedNamedLocation"ResultType == "0" |
✓ | ✗ | ✓ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Analytic Rules · Back to Microsoft Business Applications