AshleyMartin
Former Employee
Apr 29, 2022

New Blog | Sentinel Watchlist for Verifying First-party Microsoft Applications in Sign-in reports

Microsoft Sentinel Watchlist for Verifying First-party Microsoft Applications in Sign-in reports - Azure Cloud & AI Domain Blog (azurecloudai.blog)

In the Sign-in logs you will regularly see Application IDs as user accounts. Most generally, these will be our own application IDs for commonly used services and products. These are generally considered non-nefarious, but they can show up in Incidents and take time to investigate.

So, here’s a Watchlist you can employ in your Microsoft Sentinel environment that contains some of these commonly identified applications.

Original Post: New Blog | Sentinel Watchlist for Verifying First-party Microsoft Applications in Sign-in reports - Microsoft Tech Community
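
One way such a watchlist can be used during triage, as an added example that is not part of the original post or the linked blog: the query tags each application seen in `SigninLogs` as known first-party or not. The watchlist alias `FirstPartyMSApps` and its `AppDisplayName` column are hypothetical names, and the match is assumed to be on the `AppId` column with the application ID stored as the watchlist's SearchKey.

```kql
// Added example. Assumptions (not from the post):
//   - the watchlist was imported with the alias 'FirstPartyMSApps' (hypothetical)
//   - its SearchKey is the application ID (GUID)
//   - it carries a display-name column called 'AppDisplayName' (hypothetical)
let FirstParty =
    _GetWatchlist('FirstPartyMSApps')
    | project AppId = tolower(tostring(SearchKey)),
              WatchlistName = tostring(AppDisplayName);
SigninLogs
| where TimeGenerated > ago(1d)
// Normalise case so GUIDs compare equal regardless of how they were logged
| extend AppId = tolower(AppId)
// leftouter keeps every sign-in; unmatched rows get an empty WatchlistName
| join kind=leftouter FirstParty on AppId
| extend IsKnownFirstParty = isnotempty(WatchlistName)
| summarize SignIns  = count(),
            Users    = dcount(UserPrincipalName),
            Failures = countif(ResultType != "0"),   // "0" is a successful sign-in
            LastSeen = max(TimeGenerated)
    by AppId, AppDisplayName, WatchlistName, IsKnownFirstParty
// Applications not on the watchlist sort first, busiest at the top
| order by IsKnownFirstParty asc, SignIns desc
```

Tagging rows instead of filtering them out keeps sign-ins from listed applications visible, so a spike in failures for a known application ID still shows up in the results.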
