{"time": "2023-10-24T20:13:31.4449614Z", "resourceId": "/tenants/887c9144-28b8-431b-885b-764fdeefcf62/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "resultType": "50076", "resultSignature": "None", "resultDescription": "Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access the resource.", "durationMs": 0, "callerIpAddress": "1.2.3.4", "correlationId": "1f577997-0710-4bd4-848e-5854f748f7dc", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "22608a25-1d9b-44b5-b0f2-cb94f06b2d00", "createdDateTime": "2023-10-24T20:01:11.9490387+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "1b730954-1685-4b74-9bfd-dac224a7b894", "appDisplayName": "Azure Active Directory PowerShell", "ipAddress": "1.2.3.4", "status": {"errorCode": 50076, "failureReason": "Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access the resource.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.22621.2428", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows"}, "location": {"city": "Rochester", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 20.756160123483984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "1f577997-0710-4bd4-848e-5854f748f7dc", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "22608a25-1d9b-44b5-b0f2-cb94f06b2d00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 72, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "homeTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-24T20:01:11.9490387+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-24T20:01:11.9490387+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "JYpgIpsdtUSw8suU8GstAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "ropc", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-24T20:13:29.7703452Z", "resourceId": "/tenants/887c9144-28b8-431b-885b-764fdeefcf62/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "resultType": "50074", "resultSignature": "None", "resultDescription": "Strong Authentication is required.", "durationMs": 0, "callerIpAddress": "1.2.3.4", "correlationId": "83b17275-b33d-7e00-fc79-4fbf5242d3ed", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "42a77f92-edc3-420b-b2d1-d1a72f333200", "createdDateTime": "2023-10-24T20:01:13.7317547+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "1.2.3.4", "status": {"errorCode": 50074, "failureReason": "Strong Authentication is required.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows10", "browser": "Edge 107.0.1418"}, "location": {"city": "Rochester", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 20.756160123483984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "83b17275-b33d-7e00-fc79-4fbf5242d3ed", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "42a77f92-edc3-420b-b2d1-d1a72f333200", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 103, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Exchange Online", "resourceId": "00000002-0000-0ff1-ce00-000000000000", "resourceTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "homeTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-24T20:01:13.7317547+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-24T20:01:13.7317547+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "kn-nQsPtC0Ky0dGnLzMyAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "8429eb5c-faeb-4ade-8eac-acc003790769", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-24T20:12:38.1653753Z", "resourceId": "/tenants/887c9144-28b8-431b-885b-764fdeefcf62/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "resultType": "50074", "resultSignature": "None", "resultDescription": "Strong Authentication is required.", "durationMs": 0, "callerIpAddress": "1.2.3.4", "correlationId": "dd5aaf20-53c0-031e-b523-b26c7d82e7e2", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "a627eda3-f254-471c-a1a2-6c72b3ef2d00", "createdDateTime": "2023-10-24T20:01:22.6308647+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "1.2.3.4", "status": {"errorCode": 50074, "failureReason": "Strong Authentication is required.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Mobile; Windows Phone 8.1; Android 4.0; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Lumia 635) like iPhone OS 7_0_3 Mac OS X AppleWebKit/537 (KHTML, like Gecko) Mobile Safari/537", "deviceDetail": {"deviceId": "", "operatingSystem": "WindowsPhone", "browser": "Android 4.0"}, "location": {"city": "Rochester", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 20.756160123483984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "dd5aaf20-53c0-031e-b523-b26c7d82e7e2", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "a627eda3-f254-471c-a1a2-6c72b3ef2d00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 94, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Exchange Online", "resourceId": "00000002-0000-0ff1-ce00-000000000000", "resourceTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "homeTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-24T20:01:22.6308647+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-24T20:01:22.6308647+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "o-0nplTyHEehomxys-8tAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "8429eb5c-faeb-4ade-8eac-acc003790769", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-24T20:12:37.7278419Z", "resourceId": "/tenants/887c9144-28b8-431b-885b-764fdeefcf62/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "resultType": "50074", "resultSignature": "None", "resultDescription": "Strong Authentication is required.", "durationMs": 0, "callerIpAddress": "1.2.3.4", "correlationId": "be59db3e-de3d-8122-9582-f28aaacc505f", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "c9cc5a0e-e8ce-403b-ab8d-53577f632f00", "createdDateTime": "2023-10-24T20:01:18.8635898+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "1.2.3.4", "status": {"errorCode": 50074, "failureReason": "Strong Authentication is required.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Mobile Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "Android", "browser": "Chrome Mobile 85.0.4183"}, "location": {"city": "Rochester", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 20.756160123483984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "be59db3e-de3d-8122-9582-f28aaacc505f", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "c9cc5a0e-e8ce-403b-ab8d-53577f632f00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 117, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Exchange Online", "resourceId": "00000002-0000-0ff1-ce00-000000000000", "resourceTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "homeTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-24T20:01:18.8635898+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-24T20:01:18.8635898+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "DlrMyc7oO0CrjVNXf2MvAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "8429eb5c-faeb-4ade-8eac-acc003790769", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-24T20:12:37.4934552Z", "resourceId": "/tenants/887c9144-28b8-431b-885b-764fdeefcf62/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "resultType": "50074", "resultSignature": "None", "resultDescription": "Strong Authentication is required.", "durationMs": 0, "callerIpAddress": "1.2.3.4", "correlationId": "1451f887-74ab-3087-d834-0add56148648", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "9b0971c1-e17c-46e5-b69c-5a85445a2300", "createdDateTime": "2023-10-24T20:01:16.9975833+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "1.2.3.4", "status": {"errorCode": 50074, "failureReason": "Strong Authentication is required.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Safari 11.1.2"}, "location": {"city": "Rochester", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 20.756160123483984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "1451f887-74ab-3087-d834-0add56148648", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "9b0971c1-e17c-46e5-b69c-5a85445a2300", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 147, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Exchange Online", "resourceId": "00000002-0000-0ff1-ce00-000000000000", "resourceTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "homeTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-24T20:01:16.9975833+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-24T20:01:16.9975833+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "wXEJm3zh5Ua2nFqFRFojAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "8429eb5c-faeb-4ade-8eac-acc003790769", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-24T20:12:22.7999128Z", "resourceId": "/tenants/887c9144-28b8-431b-885b-764fdeefcf62/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "resultType": "50074", "resultSignature": "None", "resultDescription": "Strong Authentication is required.", "durationMs": 0, "callerIpAddress": "1.2.3.4", "correlationId": "f2b4f1e7-42ea-e7d0-1c2d-4757aae1b614", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "a6511370-6064-46a5-b74f-efecf3e53500", "createdDateTime": "2023-10-24T20:01:15.3862432+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "1.2.3.4", "status": {"errorCode": 50074, "failureReason": "Strong Authentication is required.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0", "deviceDetail": {"deviceId": "", "operatingSystem": "Linux", "browser": "Firefox 24.0"}, "location": {"city": "Rochester", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 20.756160123483984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "f2b4f1e7-42ea-e7d0-1c2d-4757aae1b614", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "a6511370-6064-46a5-b74f-efecf3e53500", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 133, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Exchange Online", "resourceId": "00000002-0000-0ff1-ce00-000000000000", "resourceTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "homeTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-24T20:01:15.3862432+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-24T20:01:15.3862432+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "cBNRpmRgpUa3T-_s8-U1AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "8429eb5c-faeb-4ade-8eac-acc003790769", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-24T20:11:34.3039076Z", "resourceId": "/tenants/887c9144-28b8-431b-885b-764fdeefcf62/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "resultType": "50074", "resultSignature": "None", "resultDescription": "Strong Authentication is required.", "durationMs": 0, "callerIpAddress": "1.2.3.4", "correlationId": "c49b1575-9797-33f5-3c89-ab1c13435fe3", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "835515be-e52c-4481-897d-eac80de63a00", "createdDateTime": "2023-10-24T20:01:20.6975682+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "1.2.3.4", "status": {"errorCode": 50074, "failureReason": "Strong Authentication is required.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Mobile/15E148 Safari/604.1", "deviceDetail": {"deviceId": "", "operatingSystem": "Ios", "browser": "Mobile Safari 12.1"}, "location": {"city": "Rochester", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 20.756160123483984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "c49b1575-9797-33f5-3c89-ab1c13435fe3", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "835515be-e52c-4481-897d-eac80de63a00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 124, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Exchange Online", "resourceId": "00000002-0000-0ff1-ce00-000000000000", "resourceTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "homeTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-24T20:01:20.6975682+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-24T20:01:20.6975682+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "vhVVgyzlgUSJferIDeY6AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "8429eb5c-faeb-4ade-8eac-acc003790769", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-24T20:11:26.0064640Z", "resourceId": "/tenants/887c9144-28b8-431b-885b-764fdeefcf62/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "resultType": "50076", "resultSignature": "None", "resultDescription": "Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access the resource.", "durationMs": 0, "callerIpAddress": "1.2.3.4", "correlationId": "a531d29a-80d7-4a8c-9017-80f36c33d089", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "90078e70-c661-4ce4-ab28-ec84e6453700", "createdDateTime": "2023-10-24T20:01:12.2978418+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "1950a258-227b-4e31-a9cf-717495945fc2", "appDisplayName": "Microsoft Azure PowerShell", "ipAddress": "1.2.3.4", "status": {"errorCode": 50076, "failureReason": "Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access the resource.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.22621.2428", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows"}, "location": {"city": "Rochester", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 20.756160123483984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "a531d29a-80d7-4a8c-9017-80f36c33d089", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "90078e70-c661-4ce4-ab28-ec84e6453700", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 114, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "homeTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-24T20:01:12.2978418+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-24T20:01:12.2978418+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "cI4HkGHG5EyrKOyE5kU3AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "ropc", "appServicePrincipalId": null, "resourceServicePrincipalId": "01e130b0-1e1e-4215-b927-41a76d3b8c17", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-24T20:11:12.0064640Z", "resourceId": "/tenants/887c9144-28b8-431b-885b-764fdeefcf62/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "resultType": "50076", "resultSignature": "None", "resultDescription": "Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access the resource.", "durationMs": 0, "callerIpAddress": "1.2.3.4", "correlationId": "a531d29a-80d7-4a8c-9017-80f36c33d089", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "90078e70-c661-4ce4-ab28-ec84e6453700", "createdDateTime": "2023-10-24T20:01:12.2978418+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "1950a258-227b-4e31-a9cf-717495945fc2", "appDisplayName": "Microsoft Azure PowerShell", "ipAddress": "1.2.3.4", "status": {"errorCode": 50076, "failureReason": "Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access the resource.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.22621.2428", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows"}, "location": {"city": "Rochester", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 20.756160123483984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "a531d29a-80d7-4a8c-9017-80f36c33d089", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "90078e70-c661-4ce4-ab28-ec84e6453700", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 114, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "homeTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-24T20:01:12.2978418+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-24T20:01:12.2978418+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "cI4HkGHG5EyrKOyE5kU3AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "ropc", "appServicePrincipalId": null, "resourceServicePrincipalId": "01e130b0-1e1e-4215-b927-41a76d3b8c17", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-24T20:11:02.0064640Z", "resourceId": "/tenants/887c9144-28b8-431b-885b-764fdeefcf62/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "resultType": "50076", "resultSignature": "None", "resultDescription": "Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access the resource.", "durationMs": 0, "callerIpAddress": "1.2.3.4", "correlationId": "a531d29a-80d7-4a8c-9017-80f36c33d089", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "90078e70-c661-4ce4-ab28-ec84e6453700", "createdDateTime": "2023-10-24T20:01:12.2978418+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "1950a258-227b-4e31-a9cf-717495945fc2", "appDisplayName": "Microsoft Azure PowerShell", "ipAddress": "1.2.3.4", "status": {"errorCode": 50076, "failureReason": "Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access the resource.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.22621.2428", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows"}, "location": {"city": "Rochester", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 20.756160123483984, "longitude": -73.99697875976562}}, "mfaDetail": {}, "correlationId": "a531d29a-80d7-4a8c-9017-80f36c33d089", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "90078e70-c661-4ce4-ab28-ec84e6453700", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 114, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "homeTenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "tenantId": "887c9144-28b8-431b-885b-764fdeefcf62", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-24T20:01:12.2978418+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-24T20:01:12.2978418+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "cI4HkGHG5EyrKOyE5kU3AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "ropc", "appServicePrincipalId": null, "resourceServicePrincipalId": "01e130b0-1e1e-4215-b927-41a76d3b8c17", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}