diff --git a/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.log b/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.log
new file mode 100644
index 00000000..7b5263d9
--- /dev/null
+++ b/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a1ceda0afc580ecf7e761e44aa109e9b1f1d52e529e9c4fe72ad2d950512c227
+size 13001
diff --git a/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.yml b/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.yml
new file mode 100644
index 00000000..67a01748
--- /dev/null
+++ b/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.yml
@@ -0,0 +1,13 @@
+author: Jake Enea
+id: 4a5c3288-8391-4e80-9c3d-9dbb60ed1c45
+date: '2026-03-29'
+description: The following data contains simulated bulk Intune "wipe ManagedDevice" events from the Intune admin portal.
+environment: attack_range
+directory: microsoft_intune_bulk_wipe
+mitre_technique:
+- T1561.001
+datasets:
+- name: microsoft_intune_bulk_wipe
+ path: /datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.log
+ sourcetype: azure:monitor:activity
+ source: not_applicable
\ No newline at end of file
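Review bot: The `description` in microsoft_intune_bulk_wipe.yml does not say whether the tenant IDs, admin UPNs, IP addresses and device names in the captured audit events come from a lab tenant or were scrubbed. The .log is only a Git LFS pointer in this diff, so that cannot be verified here. If it is true, say so in the description, for example by appending `Generated in a lab tenant; no production identifiers are present.`, and consider noting how many wipe actions the capture holds so that a threshold-based detection can be tuned against it. Separately, `source: not_applicable` will presumably be applied verbatim when the dataset is replayed, so confirm that the detection this data backs filters on `sourcetype` only, not on `source`. The .yml also ends without a trailing newline.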