diff --git a/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.log b/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.log
new file mode 100644
index 00000000..7b5263d9
--- /dev/null
+++ b/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a1ceda0afc580ecf7e761e44aa109e9b1f1d52e529e9c4fe72ad2d950512c227
+size 13001
diff --git a/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.yml b/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.yml
new file mode 100644
index 00000000..100c6500
--- /dev/null
+++ b/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.yml
@@ -0,0 +1,11 @@
+author: Jake Enea
+id: 4a5c3288-8391-4e80-9c3d-9dbb60ed1c45
+date: '2026-03-29'
+description: The following data contains simulated bulk Intune "wipe ManagedDevice" events from the Intune admin portal.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.log
+sourcetypes:
+- azure:monitor:activity
+references:
+- https://www.lumos.com/blog/stryker-hack
\ No newline at end of file
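Review bot: The `description` in microsoft_intune_bulk_wipe.yml does not say how many wipe events the log holds or over what time window, which is the first thing someone tuning a bulk-wipe threshold against this dataset needs to know. I would extend it along the lines of `description: Simulated bulk Intune "wipe ManagedDevice" audit events from the Intune admin portal (<EVENT_COUNT> wipe actions within <TIME_WINDOW>).`, with the real figures filled in from the log. The `dataset` URL follows the `master` branch, so the content behind it can change; the sha256 in the companion LFS pointer hunk is the value a consumer can check a download against, and that is worth stating in the repository's usage notes if it is not already. The file also ends without a trailing newline.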