Skip to content

Commit 2f1115c

Browse files
v-rajagtv-rajagt
authored
Link fixed.
1 parent 95ee6d3 commit 2f1115c

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

articles/active-directory/fundamentals/secure-with-azure-ad-best-practices.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -395,7 +395,7 @@ The following scenarios must be explicitly monitored and investigated:
395395

396396
* **Suspicious activity** - All [Azure AD risk events](../identity-protection/overview-identity-protection.md) should be monitored for suspicious activity. All tenants should define the network [named locations](../conditional-access/location-condition.md) to avoid noisy detections on location-based signals. [Azure AD Identity Protection](../identity-protection/overview-identity-protection.md) is natively integrated with Azure Security Center. It's recommended that any risk detection investigation includes all the environments the identity is provisioned (for example, if a human identity has an active risk detection in the corporate tenant, the team operating the customer facing tenant should also investigate the activity of the corresponding account in that environment).
397397

398-
* **User entity behavioral analytics (UEBA) alerts** - UEBA should be used to get insightful information based on anomaly detection. [Microsoft Microsoft 365 Defender for Cloud Apps](/security/business/siem-and-xdr/microsoft-defender-cloud-apps?rtc=1) provides [UEBA in the cloud](/defender-cloud-apps/tutorial-ueba). Customers can integrate [on-premises UEBA from Microsoft Microsoft 365 Defender for Identity](/defender-cloud-apps/mdi-integration). MCAS reads signals from Azure AD Identity Protection.
398+
* **User entity behavioral analytics (UEBA) alerts** - UEBA should be used to get insightful information based on anomaly detection. [Microsoft Microsoft 365 Defender for Cloud Apps](https://www.microsoft.com/security/business/siem-and-xdr/microsoft-defender-cloud-apps) provides [UEBA in the cloud](/defender-cloud-apps/tutorial-ueba). Customers can integrate [on-premises UEBA from Microsoft Microsoft 365 Defender for Identity](/defender-cloud-apps/mdi-integration). MCAS reads signals from Azure AD Identity Protection.
399399

400400
* **Emergency access accounts activity** - Any access using [emergency access accounts](../fundamentals/security-operations-privileged-accounts.md) should be monitored and [alerts](../users-groups-roles/directory-emergency-access.md) created for investigations. This monitoring must include:
401401

0 commit comments

Comments
 (0)