Microsoft: LoLBins (short for living-off-the-land binaries) are Microsoft-signed executables (downloaded or pre-installed) Threat actors can abuse these executables to evade detection while performing malicious tasks. They can be used by attackers to bypass network defenses, deploy cryptominers, elevate privileges, and disable real-time protection on a targeted device. Microsoft recommends using Azure Defender for Resource Manager, which keeps track of Azure management operations and alerts you if it spots suspicious activity.
Source: https://www.bleepingcomputer.com/news/security/microsoft-shares-detection-mitigation-advice-for-azure-lolbins/