Entra ID and Sign in Logs with Sentinel - Shared mailbox with sign-in blocked

Brass Contributor

Morning all,

 

We are presently investigation how Entra ID Sign-in logs are used within our Sentinel environment but need some help with some of the following scenario to understand the logs we are collecting.

 

If a shared mailbox is configured for 'sign-in is blocked' and a malicious actor attempted to sign into that account what would we see in the Sign-in logs?

 

Regards

 

Mike

1 Reply

@MikeP751860 

 

Sign0in logs are account based in AAD