Token Theft Part 2 - Defensive

Marius Maciuitis

Defenders should focus on users who trigger multiple alerts in quick succession, for example a risky sign-in followed closely by indicators of persistence techniques, such as mailbox rule creation.

Two detection sources are particularly helpful for detecting and alerting on token theft attacks: Azure Active Directory Identity Protection and Microsoft Defender for Cloud Apps.
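The correlation described above can be sketched as follows. This is an added example, not code from the original article or from any Microsoft product: the alert records are constructed, the field names, source labels and alert type names are hypothetical, and the 60-minute window is an assumed reading of "followed closely".

```python
from datetime import datetime, timedelta

# Constructed sample alerts. Field names, source labels and alert types are
# hypothetical, not the schema of any Microsoft product.
ALERTS = [
    {"user": "alice@example.com", "time": "2024-01-10T09:00:00", "source": "identity_protection", "type": "risky_sign_in"},
    {"user": "alice@example.com", "time": "2024-01-10T09:12:00", "source": "cloud_apps", "type": "inbox_rule_created"},
    {"user": "bob@example.com", "time": "2024-01-10T08:00:00", "source": "identity_protection", "type": "risky_sign_in"},
    {"user": "bob@example.com", "time": "2024-01-10T15:30:00", "source": "cloud_apps", "type": "inbox_rule_created"},
    {"user": "carol@example.com", "time": "2024-01-10T10:05:00", "source": "cloud_apps", "type": "inbox_rule_created"},
    {"user": "dave@example.com", "time": "2024-01-10T11:20:00", "source": "cloud_apps", "type": "inbox_rule_created"},
    {"user": "dave@example.com", "time": "2024-01-10T11:30:00", "source": "identity_protection", "type": "risky_sign_in"},
]

SIGN_IN = "risky_sign_in"
PERSISTENCE = {"inbox_rule_created"}   # extend with other persistence indicators
WINDOW = timedelta(minutes=60)         # assumed meaning of "followed closely"


def correlate(alerts, window=WINDOW):
    """Return (user, sign_in_time, persistence_time, type) for every persistence
    alert that follows a risky sign-in by the same user within `window`."""
    hits = []
    last_risky = {}  # user -> time of that user's most recent risky sign-in
    for a in sorted(alerts, key=lambda a: datetime.fromisoformat(a["time"])):
        t = datetime.fromisoformat(a["time"])
        user = a["user"].lower()
        if a["type"] == SIGN_IN:
            last_risky[user] = t
        elif a["type"] in PERSISTENCE and user in last_risky:
            if t - last_risky[user] <= window:
                hits.append((user, last_risky[user], t, a["type"]))
    return hits


def users_to_triage(alerts, window=WINDOW):
    """Distinct users with at least one correlated pair, in first-hit order."""
    seen = []
    for user, *_ in correlate(alerts, window):
        if user not in seen:
            seen.append(user)
    return seen


if __name__ == "__main__":
    for user, s, p, kind in correlate(ALERTS):
        print(f"{user}: {kind} {p - s} after risky sign-in at {s}")
```

Only the first user is flagged: the others have a rule creation that is too late, has no preceding risky sign-in, or occurs before the sign-in rather than after it.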
