Entra ID and Sign in Logs with Sentinel - Shared mailbox with sign-in blocked

Brass Contributor

Morning all,


We are presently investigation how Entra ID Sign-in logs are used within our Sentinel environment but need some help with some of the following scenario to understand the logs we are collecting.


If a shared mailbox is configured for 'sign-in is blocked' and a malicious actor attempted to sign into that account what would we see in the Sign-in logs?





1 Reply



Sign0in logs are account based in AAD