{"time": "2023-07-31T19:11:43.5984748Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "35.155.135.6", "correlationId": "f48310c3-8f1d-498f-b69b-c5097a7c113b", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "bdd2fa28-0f2b-44c6-b708-74aa535c9a00", "createdDateTime": "2023-07-31T19:08:17.9144404+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "1950a258-227b-4e31-a9cf-717495945fc2", "appDisplayName": "Microsoft Azure PowerShell", "ipAddress": "35.155.135.6", "status": {"errorCode": 0, "additionalDetails": "MFA completed in Azure AD"}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E)", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows10", "browser": "IE 7.0"}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.83599853515625, "longitude": -119.6989974975586}}, "mfaDetail": {"authMethod": "Text message", "authDetail": "+X XXXXXXXX92"}, "correlationId": "f48310c3-8f1d-498f-b69b-c5097a7c113b", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "bdd2fa28-0f2b-44c6-b708-74aa535c9a00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 85, "riskDetail": "userPassedMFADrivenByRiskBasedPolicy", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "low", "riskState": "remediated", "riskEventTypes": ["unfamiliarFeatures"], "riskEventTypes_v2": ["unfamiliarFeatures"], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T19:08:17.9144404+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T19:08:17.9144404+00:00", "authenticationMethod": "Text message", "authenticationMethodDetail": "+X XXXXXXXX11", "succeeded": true, "authenticationStepResultDetail": "MFA completed in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 16509, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "KPrSvSsPxkS3CHSqU1yaAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T19:11:20.7569353Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "35.155.135.6", "correlationId": "f48310c3-8f1d-498f-b69b-c5097a7c113b", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "bdd2fa28-0f2b-44c6-b708-74aa535c9a00", "createdDateTime": "2023-07-31T19:08:17.9144404+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "1950a258-227b-4e31-a9cf-717495945fc2", "appDisplayName": "Microsoft Azure PowerShell", "ipAddress": "35.155.135.6", "status": {"errorCode": 0, "additionalDetails": "MFA completed in Azure AD"}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E)", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows10", "browser": "IE 7.0"}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.83599853515625, "longitude": -119.6989974975586}}, "mfaDetail": {"authMethod": "Text message", "authDetail": "+X XXXXXXXX92"}, "correlationId": "f48310c3-8f1d-498f-b69b-c5097a7c113b", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "bdd2fa28-0f2b-44c6-b708-74aa535c9a00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 85, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "low", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T19:08:17.9144404+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T19:08:17.9144404+00:00", "authenticationMethod": "Text message", "authenticationMethodDetail": "+X XXXXXXXX92", "succeeded": true, "authenticationStepResultDetail": "MFA completed in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 16509, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "KPrSvSsPxkS3CHSqU1yaAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T19:11:01.0374017Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "50074", "resultSignature": "None", "resultDescription": "Strong Authentication is required.", "durationMs": 0, "callerIpAddress": "35.155.135.6", "correlationId": "f48310c3-8f1d-498f-b69b-c5097a7c113b", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "bdd2fa28-0f2b-44c6-b708-74aa535c9a00", "createdDateTime": "2023-07-31T19:07:58.2154859+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "1950a258-227b-4e31-a9cf-717495945fc2", "appDisplayName": "Microsoft Azure PowerShell", "ipAddress": "35.155.135.6", "status": {"errorCode": 50074, "failureReason": "Strong Authentication is required.", "additionalDetails": "MFA successfully completed"}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E)", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows10", "browser": "IE 7.0"}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.83599853515625, "longitude": -119.6989974975586}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "f48310c3-8f1d-498f-b69b-c5097a7c113b", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "bdd2fa28-0f2b-44c6-b708-74aa535c9a00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 92, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "low", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T19:07:58.2154859+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T19:07:58.2154859+00:00", "authenticationMethod": "Text message", "succeeded": true, "authenticationStepResultDetail": "MFA successfully completed", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 16509, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "KPrSvSsPxkS3CHSqU1yaAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T19:10:45.8109424Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "50074", "resultSignature": "None", "resultDescription": "Strong Authentication is required.", "durationMs": 0, "callerIpAddress": "35.155.135.6", "correlationId": "f48310c3-8f1d-498f-b69b-c5097a7c113b", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "bdd2fa28-0f2b-44c6-b708-74aa535c9a00", "createdDateTime": "2023-07-31T19:07:58.2154859+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "1950a258-227b-4e31-a9cf-717495945fc2", "appDisplayName": "Microsoft Azure PowerShell", "ipAddress": "35.155.135.6", "status": {"errorCode": 50074, "failureReason": "Strong Authentication is required.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E)", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows10", "browser": "IE 7.0"}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.83599853515625, "longitude": -119.6989974975586}}, "mfaDetail": {}, "correlationId": "f48310c3-8f1d-498f-b69b-c5097a7c113b", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "bdd2fa28-0f2b-44c6-b708-74aa535c9a00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 92, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "atRisk", "riskEventTypes": ["unfamiliarFeatures"], "riskEventTypes_v2": ["unfamiliarFeatures"], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T19:07:58.2154859+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T19:07:58.2154859+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 16509, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "KPrSvSsPxkS3CHSqU1yaAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T19:10:09.4975739Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "50074", "resultSignature": "None", "resultDescription": "Strong Authentication is required.", "durationMs": 0, "callerIpAddress": "35.155.135.6", "correlationId": "f48310c3-8f1d-498f-b69b-c5097a7c113b", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "bdd2fa28-0f2b-44c6-b708-74aa535c9a00", "createdDateTime": "2023-07-31T19:07:58.2154859+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "1950a258-227b-4e31-a9cf-717495945fc2", "appDisplayName": "Microsoft Azure PowerShell", "ipAddress": "35.155.135.6", "status": {"errorCode": 50074, "failureReason": "Strong Authentication is required.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E)", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows10", "browser": "IE 7.0"}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.83599853515625, "longitude": -119.6989974975586}}, "mfaDetail": {}, "correlationId": "f48310c3-8f1d-498f-b69b-c5097a7c113b", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "bdd2fa28-0f2b-44c6-b708-74aa535c9a00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 92, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "low", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T19:07:58.2154859+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T19:07:58.2154859+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 16509, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "KPrSvSsPxkS3CHSqU1yaAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}