Where can we find more info on the following activities logged by Azure ATP? What is the difference between those two:
Resource access: device xxxx, property xxxx/xxxx
Resource access: property Spns xxx/xxxx, user xxxx
What could cause a lot of these activities by one user? Can this indicate kerberoasting? https://www.eshlomo.us/kerberoasting-extracting-service-account-password/