Hey @Sebastien Molendijk 


We got the alarm, but what is missing is where Microsoft Security spotted the cred's in the first place. While I'm not a massive fan of attribution, aka blaming state actor abc, I think having a process to understand where the alert came from will assist in a preventative and hunting activities.


Could I log a support case with Azure to find out where this information came from,?