{"time": "2023-07-24T20:58:58.3487894Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "72.43.121.35", "correlationId": "f99e3397-4b4d-4956-b266-ed161cc5b678", "identity": "Splunk Threat Research", "Level": 4, "location": "US", "properties": {"id": "8ea54432-1fc4-4266-a632-ba8a664c4b00", "createdDateTime": "2023-07-24T20:57:43.1342605+00:00", "userDisplayName": "Splunk Threat Research", "userPrincipalName": "strt_admin@splunkresearch.com", "userId": "3bd47e42-37c9-442f-a2b4-f04de61ef0ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "72.43.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "displayName": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "New York", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 40.756160736083984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "f99e3397-4b4d-4956-b266-ed161cc5b678", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "8ea54432-1fc4-4266-a632-ba8a664c4b00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Login Hint Present", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 273, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-24T20:57:43.1342605+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "b2bCollaboration", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "MkSljsQfZkKmMrqKZkxLAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0, "managedIdentityType": "none"}} {"time": "2023-07-24T20:55:18.8837481Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "72.43.121.35", "correlationId": "f99e3397-4b4d-4956-b266-ed161cc5b678", "identity": "Splunk Threat Research", "Level": 4, "location": "US", "properties": {"id": "82a020f2-3090-4ab7-abe5-1d14bebb0100", "createdDateTime": "2023-07-24T20:53:34.5255831+00:00", "userDisplayName": "Splunk Threat Research", "userPrincipalName": "strt_admin@splunkresearch.com", "userId": "3bd47e42-37c9-442f-a2b4-f04de61ef0ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "72.43.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "displayName": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "New York", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 40.756160736083984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "f99e3397-4b4d-4956-b266-ed161cc5b678", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "82a020f2-3090-4ab7-abe5-1d14bebb0100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Login Hint Present", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 382, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-24T20:53:34.5255831+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "b2bCollaboration", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "8iCggpAwt0qr5R0UvrsBAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0, "managedIdentityType": "none"}}