Introducing new Vectra AI Platform coverage for Copilot and Microsoft Azure

Vectra AI Japan、ITR発行の最新レポート内「NDR市場」にて国内トップシェアを獲得

詳細を見る

Research & Insights

Expert insights from Vectra AI data scientists, product engineers and security researchers empower your SOC analysts to make faster, smarter decisions.

Up-level your SOC with insights from security experts at Vectra AI, based on real-world experiences defending hybrid enterprise environments.

Join our security researchers, data scientists, and analysts as we share 11+ years of security-AI research and expertise with the global cybersecurity community.

See the Vectra AI Platform in action.

See how integrated signal from Vectra AI lets you see and stop sophisticated attacks other technologies miss.

Take the interactive tour

Resources

Breaking news and expert insights

Blue Team Workshops, on-demand webinars and global events near you

Join our security researchers, data scientists, and analysts as we share 11+ years of security-AI research and expertise with the global cybersecurity community.

Research reports, attack anatomies, white papers, guides, datasheets and customer stories

Demo Videos & Tours

See the Vectra AI Platform in action.

See how integrated signal from Vectra AI lets you see and stop sophisticated attacks other technologies miss.

Take the interactive tour

Company

See why we’re the world leader in AI security

Request an intro with a Vectra AI security expert

Deployment guides, knowledge base, release notes and security announcements

Join the team behind the world’s first AI-based cybersecurity platform

Breaking news from Vectra AI

Expert insight from security researchers, data scientists and engineers

Don't let the Grinch Steal Your Passwords this Holiday Season

Protect yourself this holiday season from malicious websites. Learn how hackers deceive shoppers and how to stay secure online.

Back to all detections

Azure AD MFA-Failed Suspicious Sign-On

Azure AD MFA-Failed Suspicious Sign-On

Possible Root Causes

Example Scenarios

Business Impact

Steps to Investigate

MITRE ATT&CK Techniques

Related Detections

Detection overview

Triggers

A login attempt occurred to an account where both conditional access policies were not met and where sign-on attributes (such as location, device, etc.) that are unusual for the account.

Possible Root Causes

An adversary has stolen a valid account and is attempting to use it as part of an attack but had not yet succeeded in circumventing MFA or other conditional access policies.
A user has moved and performed a full refresh of their devices and failed to pass MFA or other conditional access policies.

Business Impact

Adversaries will continue to attempt to bypass security controls until successful unless directly stopped.
The compromise of a valid account may lead to the loss of confidentiality and integrity of any data and services that the account may access, and it may be used in service of additional lateral movement or attacks against other internal users.

Steps to Verify

Investigate irregularities associated with this user’s login events for indications of a successful compromise.
Validate whether these attempts were performed by the account’s proper owner.

Azure AD MFA-Failed Suspicious Sign-On

Possible root causes

Malicious Detection

Benign Detection

Azure AD MFA-Failed Suspicious Sign-On

Example scenarios

Azure AD MFA-Failed Suspicious Sign-On

Business impact

If this detection indicates a genuine threat, the organization faces significant risks:

Azure AD MFA-Failed Suspicious Sign-On

Steps to investigate

Azure AD MFA-Failed Suspicious Sign-On

MITRE ATT&CK techniques covered

Valid Accounts

Azure AD MFA-Failed Suspicious Sign-On

Related detections

No items found.

FAQs