Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Azure workbook for cybersecurity patrol

Copper Contributor

Hello I was wondering if anyone had any queries that would help for a patrol that I am creating? Basically what I am using it for is a workbook for my company to have a quick glance at certain IOC's that could arise such as login failures, suspicious behavior, any use of bad apps like torrent, connection failures, and anything else you would recommend. Specifically anything related to an IOC that would be useful. 

I am crating two workbooks for certain users and one for the whole company. So I need to be able to use the query for both all customers and specific ones. 


I would greatly appreciate the help thank you. 

2 Replies



Maybe start with these 3 workbooks  + Azure Activity



 Also look at Investigation Insights, which has an IOC lookup (toggle "entity")




Thank you so much. I will definitely use this in the future.