Alert for failed axios sign-ins
Eric Zappe
Currently Huntress will only alert if there's a SUCCESSFUL sign-in with an axios user agent.
In my mind, an axios user agent guarantees the user provided their credentials in a phishing page. At a minimum, their password needs to be reset. Even if M365 is protected by MFA, the threat actor may be able to sign in to other platforms where MFA is not required with the same username/password.
We would prefer to be alerted for ANY sign-in attempts with "axios" in the user agent.
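An added example, not part of the original request and not Huntress code: one way to flag every axios sign-in attempt per user, whether or not it succeeded. It assumes records shaped like the Microsoft Graph `signIn` resource (`userPrincipalName`, `userAgent`, `status.errorCode`); the sample records, the outcome labels and the function names are constructed for illustration.

```python
# Constructed sample records; field names follow the Microsoft Graph signIn resource.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10",
     "userAgent": "axios/1.7.2", "status": {"errorCode": 50126}},
    {"userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.10",
     "userAgent": "axios/1.7.2", "status": {"errorCode": 50074}},
    {"userPrincipalName": "carol@example.com", "ipAddress": "203.0.113.11",
     "userAgent": "axios/1.7.2", "status": {"errorCode": 0}},
    {"userPrincipalName": "Carol@example.com", "ipAddress": "203.0.113.11",
     "userAgent": "axios/1.7.2", "status": {"errorCode": 50126}},
    {"userPrincipalName": "dave@example.com", "ipAddress": "198.51.100.7",
     "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
     "status": {"errorCode": 50126}},
]

# Assumption: these AADSTS codes are treated as "password accepted, sign-in
# stopped afterwards" (50074/50076 = MFA required, 53003 = blocked by
# Conditional Access, which is evaluated after the first factor).
PASSWORD_ACCEPTED = {50074, 50076, 53003}

# Higher number = more urgent; the hypothetical labels are this example's own.
SEVERITY = {"failed": 1, "password_accepted_then_blocked": 2, "success": 3}


def classify(record):
    """Return an outcome label for an axios sign-in, or None for other agents."""
    user_agent = (record.get("userAgent") or "").lower()
    if "axios" not in user_agent:
        return None
    code = (record.get("status") or {}).get("errorCode")
    if code == 0:
        return "success"
    if code in PASSWORD_ACCEPTED:
        return "password_accepted_then_blocked"
    return "failed"  # e.g. 50126, invalid username or password


def axios_alerts(records):
    """Map each user to the most severe axios sign-in outcome seen for them."""
    worst = {}
    for record in records:
        outcome = classify(record)
        if outcome is None:
            continue
        user = record["userPrincipalName"].lower()
        if user not in worst or SEVERITY[outcome] > SEVERITY[worst[user]]:
            worst[user] = outcome
    return worst


if __name__ == "__main__":
    for user, outcome in sorted(axios_alerts(SAMPLE_SIGNINS).items()):
        print(f"{user}: {outcome}")
```

Every user in the result is a password-reset candidate under the reasoning in the request; the label only orders the follow-up.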