A helpful way to map MITRE ATT&CK tactics to Azure actions
Chasing down Microsoft Defender alerts and combing through Azure Monitor activity logs can be tough if you don’t know what to look for (or even if you do).
To give you a jump start on investigations in your own Azure environment, this handy cheat sheet mapped the Azure services in which these tactics often originate, along with the actions attackers make to execute on these techniques.
Use it to quickly identify potential attacks in Azure and map them to MITRE ATT&CK tactics.