T1556.006

May 29, 2026

Entra ID Post-Credential Activity Detection: Service Principal Staging and Privileged Role Escalation

Three new hunting queries target Midnight Blizzard-style persistence patterns — service principal credential staging, privileged role assignments to new accounts, and Temporary Access Pass abuse. Read More →

May 26, 2026

Entra ID Attack Chain Correlation: Three New Hunting Queries for Sequential Compromise Patterns

Three hunting queries detect multi-event attack chains in Entra ID—privileged role grants followed by SP credential additions and MFA disabling followed by sign-ins from unknown IPs. Read More →

May 19, 2026

Entra ID Cross-Source Hunting Pack: Post-Compromise Pattern Detection

Three new hunting queries correlate AuditLogs and SigninLogs to surface post-compromise identity patterns using baseline-driven anomaly detection. Read More →

April 10, 2026

Microsoft Sentinel Training Lab: Comprehensive Hands-On Security Operations Environment Now Available

New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development. Read More →

Auto-generated content based on the Azure-Sentinel GitHub repo.

Microsoft Sentinel is a trademark of Microsoft Corporation.