user changing to a new device, location, browser, etc.

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/cloud/azure/identity_protection/azure_identity_protection_unfamilar_sign_in.yml>sigma
technicques: t1078

Techniques

Detects sign-in with properties that are unfamiliar to the user. The detection considers past sign-in history to look for anomalous sign-ins.

condition: selection
selection:
  riskEventType: unfamiliarFeatures