TP: If the application is not known or not being used, the specified activity is potentially suspicious and should have to have disabling the application, after verifying the Azure resource being used, and validating the application usage within the tenant. Tenant admins will need to offer consent via pop https://williamm178vxa3.blogofchange.com/profile
