Renamed analytic rule from BruteForceCloudPC to BruteForceAgainstEntraAuthenticatedWindowsDevice and updated name and description in Analytic Rule

Solutions/Microsoft Entra ID/Analytic Rules/BruteForceCloudPC.yaml → Solutions/Microsoft Entra ID/Analytic Rules/BruteForceAgainstanEntraAuthenticatedWindowsDevice.yaml

@@ -1,7 +1,7 @@
 id: 3fbc20a4-04c4-464e-8fcb-6667f53e4987
-name: Brute force attack against a Cloud PC
+name: Brute force attack against an Entra-authenticated Windows device
 description: |
-  'Identifies evidence of brute force activity against a Windows 365 Cloud PC by highlighting multiple authentication failures and by a successful authentication within a given time window.'
+  'Identifies evidence of brute force activity against Windows devices authenticated via Entra ID (including Entra-joined, hybrid-joined, and Windows 365 Cloud PCs) by detecting multiple authentication failures followed by a successful authentication within a defined time window.'
 severity: Medium
 requiredDataConnectors:
   - connectorId: AzureActiveDirectory
@@ -66,5 +66,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPAddressFirst    
-version: 2.0.1
+version: 2.0.2
 kind: Scheduled

Solutions/Microsoft Entra ID/Data/Solution_AAD.json

@@ -23,7 +23,7 @@
 		"Solutions/Microsoft Entra ID/Analytic Rules/AzureADRoleManagementPermissionGrant.yaml",
 		"Solutions/Microsoft Entra ID/Analytic Rules/AzurePortalSigninfromanotherAzureTenant.yaml",
 		"Solutions/Microsoft Entra ID/Analytic Rules/Brute Force Attack against GitHub Account.yaml",
-		"Solutions/Microsoft Entra ID/Analytic Rules/BruteForceCloudPC.yaml",
+		"Solutions/Microsoft Entra ID/Analytic Rules/BruteForceAgainstanEntraAuthenticatedWindowsDevice.yaml",
 		"Solutions/Microsoft Entra ID/Analytic Rules/BulkChangestoPrivilegedAccountPermissions.yaml",
 		"Solutions/Microsoft Entra ID/Analytic Rules/BypassCondAccessRule.yaml",
 		"Solutions/Microsoft Entra ID/Analytic Rules/CredentialAddedAfterAdminConsent.yaml",

Solutions/Microsoft Entra ID/Package/createUiDefinition.json

@@ -328,13 +328,13 @@
           {
             "name": "analytic12",
             "type": "Microsoft.Common.Section",
-            "label": "Brute force attack against a Cloud PC",
+            "label": "Brute force attack against an Entra-authenticated Windows device",
             "elements": [
               {
                 "name": "analytic12-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
-                  "text": "Identifies evidence of brute force activity against a Windows 365 Cloud PC by highlighting multiple authentication failures and by a successful authentication within a given time window."
+                  "text": "Identifies evidence of brute force activity against Windows devices authenticated via Entra ID (including Entra-joined, hybrid-joined, and Windows 365 Cloud PCs) by detecting multiple authentication failures followed by a successful authentication within a defined time window."
                 }
               }
             ]