Classification: compliance
Set up the Azure integration.
Detect when any user logs in to Azure AD without multi-factor authentication.
This rule monitors Azure Activity logs for Active Directory logs and detects when any @evt.category has a value of SignInLogs, and @properties.authenticationRequirement has a value of singleFactorAuthentication.
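The rule's two conditions applied offline to sample events, as an added example that is not the rule's own definition. The nested JSON layout, the userPrincipalName field used for grouping, and the function names are assumptions, and the log lines are constructed.

```python
import json
from collections import Counter

# Constructed sample events (not real logs). The nesting mirrors the attribute
# paths named by the rule; userPrincipalName as the grouping key is an assumption.
SAMPLE_LOGS = """\
{"evt": {"category": "SignInLogs"}, "properties": {"authenticationRequirement": "singleFactorAuthentication", "userPrincipalName": "alice@example.com"}}
{"evt": {"category": "SignInLogs"}, "properties": {"authenticationRequirement": "multiFactorAuthentication", "userPrincipalName": "bob@example.com"}}
{"evt": {"category": "AuditLogs"}, "properties": {"authenticationRequirement": "singleFactorAuthentication", "userPrincipalName": "carol@example.com"}}
{"evt": {"category": "SignInLogs"}, "properties": {"userPrincipalName": "dave@example.com"}}
not-json garbage line
{"evt": {"category": "SignInLogs"}, "properties": {"authenticationRequirement": "singleFactorAuthentication", "userPrincipalName": "alice@example.com"}}
"""

def get_path(event, dotted):
    """Resolve 'a.b.c' in nested dicts; return None if any level is missing."""
    node = event
    for key in dotted.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node

def matches_rule(event):
    """True only when both conditions named by the rule hold for this event."""
    return (get_path(event, "evt.category") == "SignInLogs"
            and get_path(event, "properties.authenticationRequirement")
            == "singleFactorAuthentication")

def single_factor_signins(raw_lines):
    """Count matching sign-ins per user; skip lines that are not JSON objects."""
    hits = Counter()
    for line in raw_lines.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: ignore rather than abort the scan
        if isinstance(event, dict) and matches_rule(event):
            user = get_path(event, "properties.userPrincipalName") or "<unknown>"
            hits[user] += 1
    return dict(hits)

if __name__ == "__main__":
    for user, count in single_factor_signins(SAMPLE_LOGS).items():
        print(f"{user}: {count} sign-in(s) without MFA")
```

An event with no authenticationRequirement attribute (the fourth sample line) does not match, so sign-ins where that field was never parsed go unflagged.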