Threat Hunting in Microsoft Azure

A while back, a customer asked me to help inspect what happened to an environment in Azure that got compromised and was used to launch a ransomware attack.  Unfortunately, this environment also had a VPN connection between Azure and their existing on-premises data...