CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors.
CISA strongly encourages users and administrators to visit the following GitHub page for additional information and detection countermeasures.
This product is provided subject to this Notification and this Privacy & Use policy.