Apr 29 2022 08:28 AM
In the Sign-in logs you will regularly see Application IDs as user accounts. Most generally, these will be our own application IDs for commonly used services and products. These are generally considered non-nefarious, but they can show up in Incidents and take time to investigate.
So, here’s a Watchlist you can employ in your Microsoft Sentinel environment that contains some of these commonly identified applications.