Resource access activity

Super Contributor

Where can we find more info on the following activities logged by Azure ATP? What is the difference between those two:


Resource accessdevice xxxx, property xxxx/xxxx

Resource access: property Spns xxx/xxxx, user xxxx


What could cause a lot of these activities by one user? Can this indicate kerberoasting?

0 Replies