
Summary
The Azure ROPC Login Attempt Without MFA rule is designed to detect unauthorized Resource Owner Password Credentials (ROPC) authentication attempts in Microsoft Entra ID where Multi-Factor Authentication (MFA) is not enforced. ROPC is recognized as a deprecated and less secure authentication method: it lets an application collect user credentials directly, bypassing stricter modern authentication practices, including MFA. The rule is vital for defending against credential enumeration and password spraying attacks, which adversaries commonly carry out with automated tools. It logs attempts that meet specific criteria and prompts an investigation that correlates failed login records, assesses the associated applications, and analyzes suspicious user agent signatures.
Categories
- Cloud
- Identity Management
- Application
Data Sources
- User Account
- Application Log
- Network Traffic
ATT&CK Techniques
- T1078
- T1078.004
Created: 2026-01-31