Forensics

https://github.com/WillOram/AzureAD-incident-response/blob/main/README.md

Microsoft 365 enumeration, spraying and exfiltration - TeamFiltration in the spotlightGuillaume B.'s Notebook

Good UAL HuntingTECHCOMMUNITY.MICROSOFT.COM

Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments | CISACybersecurity and Infrastructure Security Agency CISA