User Entity might need to be broken down into Managed identity and service principal

[Cyb3rWard0g]

For example a few sources of data in Azure track specific entities such as User, managed identities and service principals in separate logs:

https://github.com/mitre-attack/attack-datasources/blob/main/contribution/user_account.yml

[Cyb3rWard0g]