Microsoft Entra ID: Sign-in Detection Blind Spot for Disabled Accounts Closed Across Commercial and Government Tenants
The SigninAttemptsByIPviaDisabledAccounts Analytic Rule was silently missing sign-in attempts that returned the shorter ResultDescription variant “The user account is disabled.” - meaning brute-force attempts against disabled accounts from a given IP were going undetected in affected tenants. Read More →