
Summary
This detection rule is focused on monitoring sign-ins made from devices that do not meet compliance standards. The primary objective is to identify and alert security personnel when such sign-ins occur, as they can pose a significant security risk. Compliance in this context typically refers to a set of security policies and criteria that devices must meet before they are allowed access to corporate services. Non-compliant devices may lack necessary security configurations, updates, or protections that are required by an organization’s security protocols. The rule uses Azure sign-in logs to detect cases where the 'DeviceDetail.isCompliant' field is marked as false. Such instances are flagged for review to ensure that appropriate actions can be taken against potential unauthorized access. Continuous monitoring and alerting for these events can help mitigate risks related to data breaches from insecure devices.
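The check described above, run over a handful of constructed sign-in records, as an added example that is not part of the original rule. It assumes records shaped like Azure AD sign-in log entries (the Sentinel `DeviceDetail` column or the Graph `deviceDetail` object) and treats a missing `isCompliant` value, typical of unmanaged devices, as "unknown" rather than non-compliant unless the caller opts in.

```python
# Constructed sample records in the shape of Azure sign-in log entries,
# trimmed to the fields the rule needs. These are not real log data.
SAMPLE_SIGNIN_LOGS = [
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10",
     "appDisplayName": "Office 365", "status": {"errorCode": 0},
     "deviceDetail": {"deviceId": "dev-1", "isCompliant": True, "isManaged": True}},
    {"userPrincipalName": "bob@example.com", "ipAddress": "198.51.100.7",
     "appDisplayName": "SharePoint", "status": {"errorCode": 0},
     "deviceDetail": {"deviceId": "dev-2", "isCompliant": False, "isManaged": True}},
    # Unmanaged device: the isCompliant field is absent entirely.
    {"userPrincipalName": "carol@example.com", "ipAddress": "192.0.2.44",
     "appDisplayName": "Exchange Online", "status": {"errorCode": 0},
     "DeviceDetail": {"deviceId": "", "isManaged": False}},
    {"userPrincipalName": "dave@example.com", "ipAddress": "192.0.2.9",
     "appDisplayName": "Teams", "status": {"errorCode": 50126},
     "DeviceDetail": {"deviceId": "dev-4", "isCompliant": False, "isManaged": True}},
]


def classify_device_compliance(record):
    """Return 'compliant', 'non_compliant' or 'unknown' for one sign-in record.

    Both the Sentinel column name (DeviceDetail) and the Graph property name
    (deviceDetail) are accepted; an absent or null isCompliant is 'unknown'.
    """
    detail = record.get("DeviceDetail") or record.get("deviceDetail") or {}
    value = detail.get("isCompliant")
    if value is True:
        return "compliant"
    if value is False:
        return "non_compliant"
    return "unknown"


def detect_noncompliant_signins(records, include_unknown=False):
    """Return alert dicts for sign-ins whose device is flagged non-compliant.

    With include_unknown=True, sign-ins that carry no compliance value (an
    assumption for unmanaged devices) are reported as well, tagged 'unknown'.
    """
    alerts = []
    for rec in records:
        state = classify_device_compliance(rec)
        if state == "non_compliant" or (include_unknown and state == "unknown"):
            alerts.append({
                "user": rec.get("userPrincipalName"),
                "ip": rec.get("ipAddress"),
                "app": rec.get("appDisplayName"),
                "compliance": state,
            })
    return alerts
```

The rule as written on the page keys only on `isCompliant == false`, so the default call reports two of the four constructed records; the failed sign-in (non-zero `errorCode`) is still reported because the rule does not filter on result.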
Categories
- Cloud
- Identity Management
- Azure
Data Sources
- User Account
- Application Log
- Logon Session
Created: 2022-06-28