Admin Activity Anomaly Detection for Manufacturing & Industrial

Manufacturing & Industrial organizations face specific regulatory requirements including iso27001, nist-800-53, cis. The LOG-05 control helps address these requirements by:

• Unusual admin behaviors trigger alerts
• New sign-in locations for admins are flagged
• Bulk operations by admins are monitored
• Off-hours admin activity is tracked

Compromised admin accounts often exhibit unusual patterns: signing in from new locations, performing bulk operations, or working at unusual hours. Detecting these anomalies enables early response to account compromise.

When implementing LOG-05 in a manufacturing & industrial environment, consider:

• **Regulatory requirements**: iso27001, nist-800-53, cis may mandate specific configurations
• **Risk tolerance**: Manufacturing & Industrial organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

LOG-05 requires the following configuration:

• Unusual admin behaviors trigger alerts
• New sign-in locations for admins are flagged
• Bulk operations by admins are monitored
• Off-hours admin activity is tracked

Requires Identity Protection or SIEM with correlation rules

Follow the steps above in your Microsoft Entra admin center to enable this control.