{"time": "2024-01-29T21:33:00.6453498Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "762f1675-9bb1-4af6-bd63-0228a71e758b", "Level": 4, "location": "US", "properties": {"id": "5f48da56-9449-4002-8b78-c2c406732e00", "createdDateTime": "2024-01-29T21:31:08.3639198+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "762f1675-9bb1-4af6-bd63-0228a71e758b", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "409fa253-45ce-4321-b519-c01de5fe084e", "uniqueTokenIdentifier": "VtpIX0mUAkCLeMLEBnMuAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:32:53.2962780Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "beta", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 523558, "callerIpAddress": "20.36.155.172", "correlationId": "c1e4418b-b1ff-483e-8db1-cf1f3a38a21f", "Level": 4, "location": "East US 2", "properties": {"timeGenerated": "2024-01-29T21:32:53.296278Z", "location": "East US 2", "requestId": "c1e4418b-b1ff-483e-8db1-cf1f3a38a21f", "operationId": "c1e4418b-b1ff-483e-8db1-cf1f3a38a21f", "clientRequestId": "c1e4418b-b1ff-483e-8db1-cf1f3a38a21f", "apiVersion": "beta", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "20.36.155.172", "userAgent": "", "requestUri": "https://graph.microsoft.com/beta/users/microsoft.graph.delta()?$deltatoken=SlrLaHnMv1yc5V63KoyKi9fkFgsToa6jr5ZBw43uMPmkbpeFPswUQBYZ6K7fIaL4yKiEOINxXC8VZBawjXotYwY9k2ISSKmngiGFyi6qr178SstKmQiD1Krwu5pFshe6dMVmH3yzH16LPcBG8lJ7pM7d0PDBZhTi1iloZiNOhutSwc0EeXNM0qgjRi3rPxK596cdphJ7qUFxLycsTgehpT209D3BhjBjMVtHIdYGQz8t5s0wjzdM1qrjs6etXuWl5wAOZaRnylpslCVyCCYUHtMNSvLpG9sEsra8CL2EpH9tgES-nmmIRuDSvCJFaVjmUOp4NFQBO7vkS82qLjH59J4oA69rDsa64Wg8KEhlWZZW_YUqGnTJpgBhB2vi6SjIJERZKzaVpZZylg8eTslaJO2ZzktPd-uPqfMRlp4fdX3SfW-5qRZFziiXfn6Vep91XdiGctThDSyvgk6UPCXS6_W3nyCx5w8OIVSq2uKn9MRSMCcpW-if2pSvwv9nv9YjFdix9AZGIZsQhCrD3v4nr1RyY0DCu_QDIzhoH3QHtZ30o1JOoLmwOAkz84EQv-OscR7TXaAuo_ORSwRxPdfiS-1k6adGO3F4-bpaPrjhh6R1tLoh3dXBnBmYuZuKq4OLLAHlLYEAlrOhKYt1xNnXCf6xf-3UN_4NkzMEJ78lsa2WJQuY1Csc2p7ofpIu9FMkgAC5v7m5sAePKjLFbYLwE9bslHA5Hx2HeniPcg_zhdglQ3Ji0CBEnpC1ramEqloiu7OYLQpgUTCkcFotNMFR06vwzSuBWhl2AdwiGYhFAIkVaRUheyst0lQQrUAT8sWHZms6QKVPvEG7_i3IKMd1fAXW3No8uqctM3v2NS-5-k1m812JOcNrnOeqmBi3EUzBeUpCxScWmSPCdTGNT6Wo4DrtKgx_LyCC6v0KmPHAZ2-G0NiqC7CfheTLPLe5zCklbAUi-iIA0RYuuRGZeIY_41-uK6OeEBBWFqrePX-lPywrlrPDUjl8cGXTrRs3QKWhBHYgS3xt1fqpuyWm-3Qg8WQRc9X-xS1cjGRgUir9nTqyqCu69mNY26P7U6hq_tAYdW4RM78Y8_Xw8Oc_zpPCBtn0--fNqCCpJrkGdB8PWGodYxSHwJgDnRaICw7maw9cObJUHUfXCXQPccB-h2W72j2X7JXzaWFSDc2BrhTN50zG6aWrkKQ154W77VMLRpGwaHTnG_SgFia8LnM3iiVYFGQehGZ17x1OBvCRaRNcHK7ehLGh-YPuv7pUSmL-rGHSNgBKq3tUydd9VrOWhzLDpAxYFT8q01remjADwg1wQ7CG0T5u0rgHTp5zITgjKdbgkjIVrzAuIisRr-0xzKFuswjgacR_X7bB3rCYC9HjGmkVRxGG5Q94HyEqMvOjQAJZHAl-g5fSmMXJlJyeeX8wanS27rNXn5twSsg2xJQEat_IwvUVYyUFTfBfpZpxtkJn7Cjj1vZTAVs8Qqk8wJbbl0ciUEE6YTrrrK5r4ZXmsyQueThZQBtXAbIKx1xPAt7q6snQ-dtYcmBSG2iWRdUZl3PXEWOm4jbnAYAUgcAXrsf4b7zI0e8sGMwAssNeQt62IsAuKVlpDuLh8xaJslZzEomuhb1xRrZFQeoQfODidVKXaWTBFu6UWXFQ6w451hu7m2E7zb5Shd1ttVrXfO597mVvRTQngB0d3xsu7Tg4FuGM0Xxc5y1OMay00X7n4p-4L0nkSjt8eJuX6xtvoDIydvdFDo25tmqCcjiVStzfqsO405nvPaBvHSjjHCRlS62MWyEMXGya7v60szZgSfz-FhPsZHfx04_cUswF1ozTBtsNOv6ap5ytuCDdEmpSm5D1otKKaKO-1Ps-nelES23L60g_aPyM6GOM6xCXoGKDmaGCtCSP5eQK-VmB0-oPW03isgPhEGqPz8SaxBEfbJs8KnqIGLQlmO6T80fq8_AzLAB2BA8d9OL8uGXhPkhGjfstjpJK0-cnKZI5GWlFNUZRNyEqWgY4FQJ4qCilW5SWuVwc6XZuLc_hfOZw4TPu611ISgvSHg1WHznJhEAEimH06ueSetycREI3COWnNgqTbEsLtAQozy8Sedc2rfyqcxw1MigtawvTXuI_dHmGxTsq8pkkh4eP6fE7IZ-WZoFHoeuVyuASAs98L2XxjhVklhD2cpW9SXP8oU-Q6RQ7q6f8A55oB3OEsZRYQorFDtZHT4R7fektS_mPycdCoTXKB1ekbhxSscAiT4gl9-eAGOGb6vGpyYA0gB0jzmLQxv2KNrjvA5BBm6iSNNQkGOElXzJJXq4xwWVAhuccwHX46zeD4xMQEYAvFHGtynpcvJ5UC03cRFvLCKtfBpK5QQ13MzAIDY5p4HmaULxTIj-D2aFVTY5ocZJNQUlAAmHEoEkKSf3PuLZZctMaZ3ln7hInn07UpcwTH1C9CbRfAVutaEoVx_E4bcJthbygGYS9I0YSJozZyVzBpn6S46Osb5Rc9LcbGV4CoDFUJeyfV_as-W_BmY7wgoBb_tySBzvTioGaLD9J6pVj_5E0BCSb_wR6C4ZeuEJzFFKH8s_k00MQ8q3XbVHXQV9hnY7nQry2vh4-HN70UBf5xecdr6iKf-xoo2TXj04BhkvOd6fkCUZTPDN_icXNoV3jGDXEHwkOPhUsKmksnzaPgSAFhA2Rz4NzRHAeZBWuBpYhyYsmVfjIopVbUcX0VNqBBbDBAwzg_5OoDtd9HXeTQL2VgitLuK5On20Vc_kvOlJEiXmrC7RjdYftnhGty0yk_a8KNUDV8bsxkgzZGAOQ-x8Svd64ILSZAyNB_iOIlzl0jDyg2TCfOpSaKw475rq4Oy51eALcH-bkhVODcjYBEIb3_yf0ABHrYmZP5DFFrgD1qqCKc_OAJfumPqFqV1A6w-a-SuHERjmj00yA2z_AHhv-cnugWlGrPPDZB7-Yn8znBVHdvaKJklglqNa7Ex3dAj_UrvL0eNqa-UHGGEGXuYERN_fbAEDsq5f3nh_J0j57tZ3qB1JLfWk-Hw.fqqGPhbY6TXIlI84-7XQhxIcEBteXCb2riA7FQEW9cc&$select=id%2CuserPrincipalName%2Ccity%2Ccountry%2CcreatedDateTime%2CdeletedDateTime%2Cdepartment%2CdisplayName%2CgivenName%2CaccountEnabled%2CjobTitle%2Cmail%2Cmanager%2ConPremisesDistinguishedName%2ConPremisesDomainName%2ConPremisesSamAccountName%2ConPremisesSecurityIdentifier%2ConPremisesUserPrincipalName%2CmobilePhone%2CbusinessPhones%2CsecurityIdentifier%2CstreetAddress%2Csurname", "durationMs": 523558, "responseSizeBytes": 3587, "signInActivityId": "XCCunHw9Okq6p0ZwKvVjAQ", "roles": "Application.Read.All GroupMember.Read.All RoleManagement.Read.Directory User.EnableDisableAccount.All User.Read.All", "tokenIssuedAt": "2024-01-29T21:27:53Z", "appId": "60ca1954-583c-4d1f-86de-39d835f3e452", "userId": null, "servicePrincipalId": "dfeae288-ce6e-4e7f-9e98-ee3d4874938a", "scopes": null, "identityProvider": "https://sts.windows.net/75243ab2-44f8-435c-a7a6-b479385df6d4/", "clientAuthMethod": "2", "wids": "0997a1d0-0d1d-4acb-b408-d5ca73121e90", "atContent": ""}}
{"time": "2024-01-29T21:32:50.7186867Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "v1.0", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 1924722, "callerIpAddress": "20.7.121.216", "correlationId": "b8c75516-c442-463c-9c20-4025b758dcfe", "Level": 4, "location": "East US 2", "properties": {"timeGenerated": "2024-01-29T21:32:50.7186867Z", "location": "East US 2", "requestId": "b8c75516-c442-463c-9c20-4025b758dcfe", "operationId": "b8c75516-c442-463c-9c20-4025b758dcfe", "clientRequestId": "b8c75516-c442-463c-9c20-4025b758dcfe", "apiVersion": "v1.0", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "20.7.121.216", "userAgent": "", "requestUri": "https://graph.microsoft.com/v1.0/users/delta?$deltatoken=3CacgIUzvpFWPe0hE_62WqcO-NPn1zpoEeATZThQIZgUtrQm6Zuvm0mlX3w-lwxw25swYsJ3gfJQWnzdjwKEyq4zOrJlmZyEaclbEqXdFIx0DlJVMOnrM3fQITIFVLleCkM1MMg1BSiWHSXcIO8M27KK9yJHa5J_BeL-dpmlxZ7FVo0O7oWVokFSoWLS-blfn1-LJwk6-u2YHii4v_JDxZ0dnY3NY8TKwSxV-FIB7muwjbAEPCEs-EgeQjMt35FmVlTLDmWcTormDngxrVJbha8NnaLqzq14bksG7d4g4mmddkegUpLmDqIceJ85PmzwBeKy88-xdkgAesWzCSavtmgehp7j7w1_cXBHLad8GyETAtI6jSdjwevZLZdcCMyvN4WAHjnpOVv1M6S2kknf7fyuc_tJB4J6OpU-3e00docdJ_GyZ1K7bvsWVuvV-buXqVlIX7VGBPQL7ZsD-4v66VSgQcrqq3FCj5wwJsk1aQs0erxQIlA-PuS-Xxc7WkxqWovsTWcJNV5k0dgo47zATRE_EfouKLfwzE1rhcA4drz5OELy7BJGCj3vFKCDmFYbb5dOxJnDjy67S_PlzT6ejUc3KywIKWQlFltRahCUyZqLQzxo749Er9P-pLBIx1MoQOWuahGJSgwwhYWQUlXfARCSV1KAZ6AAMFtH0nNxH7cvmnzWBNJTLLuBRtlQv7AEZ5IpB3uelM8qedad1yzouRdqwoRs4kxXNzgOoak7ODA-dI6Sf5No3O7XjzWqn1sq2K-5wBjY0O3-gIk5pwHahlxJo6Vk2DvCCBYjUmBF14Rw3A9ehuPcMBfiM1H6H2uylNzYAg30UulpV6WPnXNDeWGf_9NFjA_JWSWGMgrVWy0yKTg7TSbhCta258HQk4Ku1hyol_4kydh4wJG_6f-zmeDX64m01LYiwLPqWbgusRTetkeGdhAG_YZ80lGCjmiXYS2gjssF_jmOQ4tn83yjjrrYtqApmtCHsZxHLCJvby6E5dZ52GMlh3sFsdUjz4sOWpax6E0zmf2SqI45cWbLPvm3QYwxllwF5jjRq1QNgxeiLAkHjE9hL1tqq_8l8Wi8hyserriGS3ZHF6yXx6pfjffr6Rd4XBymqX-s08fzVjtAPkIQw38GXOAy9erWCBi37qEZgesQquVEnkhLpdxKdwdXCBLKlApL0b94nmZ4quDuXrVGb0dh0wnWKrIQW2V8kK2dLcgmZgS5JNKvU90g3ma3xzGah7lr7Z30hO4R0OMWBKMu6Kf7VpwuMzzUzxL4lJu57t77ep_sFHlHe67fBU5ZYGYvQeJSkzDp6H5vMpSOkPmbfYKaZeQaJ9qGo-7AIKKOa2iBB2t-YBQtxk421t4JZWEo8dNeCd1ZSGb3Ufm2yyr3LZKB83oUneLiNUz7VQVVQ-3B6CCjk4Ipf6lhWdEB_ohLqaamRvHg2jffHORCc2N-bRF8QccNXqYvd39xIJQOZDA68LBbCUOZnpvHw0LIAhQ8GCrcgzEnvQXc7zU08MbJG966Fykni0cFxQL4-i1H3hTz68FUTXKn2jgDnrtgNzIEkdlTEO0UOj3kB3GsNoDpoxC6igRZDkPdsbnE6wJ1PALohuA8fGWcZPCI9KdzMXTTPS5tAZPFUhKAJHWpRrepb9M9-RWzi2CKpsjE3OR431grxfqkszOkyVOyYqi6dNwBYGJQPRPRG0gQBWmSeV91DsJnUbRI_dVLLiyGu4NQ7a3ELcCpDL39p57RxnAgDjS1PUyQTMZ1Du1KN77TSt5y-rDR-sTx1--I9IcFyXgpFIr-yMmsNpVIIkl6ZDcO2VZ1oBe36usHJ46mGR0LERACwQHjJRkM9_usmckWl5ZFqRdKQEU1YYTGUj9wRbXXjEzg9OQpbVpocg2e7kIHFZUJbYXJdyHWO05lyjwNVl2nAzpIfS2nvKlIaMAcA1f-tItnPzBHgxg7X2TYo3qiWGHIYYoNioUE43rRWP38PrkZMeX2e5csjr3CnKBv_VvLAcX5J1EQd7QqSAxGRIQAL8qugOykEU9rAZ0kr_ft0_SdYhap67VNo512UGUx7fhe-L8cbkU2diWF0YJkJwtFiUZLqg2k2Zh-UIFwnFPFi9nFrLC0q4FhKw8q-GBlx84LKo-B3N0ATmxKTemh3nPpn-tKRiR6tIojCY9cuT4wwRc5C6067Bijt63ghlFMPFCHw2FtN9qOZvcZm69L5g9qi9G3F9lF4JOxAEnLs9rUBi32j7vLQbmKpO3LlIY2N9LfpoCHeD2qzbCMhZBxC5EDX6_OOd-AfUZVjKXuHUVQ9jfjc5MyWgi0aoMOmny6rzZXFxfdfVZyvpwzxWWGNsjmRI5_9gI4yjGCRVsmCJR4AxXwRBW_2vd9fIg980N9espuDKL8eavYl21nVsEUUn-RVntQRJ-nHC_dXTsswTrq0oZlr0LQ8vfaE_Pw6C7rfMMjPL8PY_cEPArO3j_7ynfUBwGFB91o5y61H6aN6mrwBR2vLeYl1CZPzuwu7dHPT-8lyW8duFJhmrpY_HUnAa5xc5EsbfWrojVUe4LQERu5zmxsoZ2YE_hh6ydwtA4OxW-D_EZiv1Aa7TM3xsAXuAlnBxHGnWuYeOLiCo3xem38oIxGVarIjsc29mKJSTgb6gYmOKghIRXba-fawASSDz2UtAjKMneHMYNRFGrsE7bca-9Ppnow-MSpEK2StCMzPMs2vm0F0UXCMHYHpUUmwTRGAdWLGlgeVGvf7rdrdG47KYsW-GJdSL_h7wNzJRA3Fw3ivN8gdDv0ghTdsrSuqSwk9HB5g-2eTX_DPmhnx4wnS4oxS6vchbwJmdASch-UCBRlukDJy8DImPUXClt_X0mQoEzC3iwmwDwkO0m91H18Sf-6G0z7wUn5tspjRyXAydu4vF1uELR5Aqah_GXAp5UViNr-onuFeDD-dHlgjV3lMMfbekrky0gw7SZiszNsG6hj3m6KAk0btFSOIRj-5QmBYOByobvIFkjXBIzE54B6PMh9Yemgknrl4ReJiXtBpwifY1kbyRNEc_mIbhGeds4.QXqgfxyKXBfotud2QngEK2K5bXzoNzWUlBbBXL0-ZVE", "durationMs": 1924722, "responseSizeBytes": 3254, "signInActivityId": "UO_UJdNR40iaEcSLbTnSAA", "roles": "DeviceManagementApps.Read.All DeviceManagementApps.ReadWrite.All DeviceManagementConfiguration.Read.All DeviceManagementConfiguration.ReadWrite.All Organization.Read.All", "tokenIssuedAt": "2024-01-28T22:57:34Z", "appId": "8ee8fdad-f234-4243-8f3b-15c294843740", "userId": null, "servicePrincipalId": "4d6987a1-cf11-4d53-8571-aa67cbb4aa16", "scopes": null, "identityProvider": "https://sts.windows.net/75243ab2-44f8-435c-a7a6-b479385df6d4/", "clientAuthMethod": "2", "wids": "0997a1d0-0d1d-4acb-b408-d5ca73121e90", "atContent": ""}}
{"time": "2024-01-29T21:32:25.4927983Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "v1.0", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 436959, "callerIpAddress": "20.36.154.214", "correlationId": "1768532c-f4bf-41c9-b6bb-acdd94b1cb81", "Level": 4, "location": "East US 2", "properties": {"timeGenerated": "2024-01-29T21:32:25.4927983Z", "location": "East US 2", "requestId": "1768532c-f4bf-41c9-b6bb-acdd94b1cb81", "operationId": "1768532c-f4bf-41c9-b6bb-acdd94b1cb81", "clientRequestId": "1768532c-f4bf-41c9-b6bb-acdd94b1cb81", "apiVersion": "v1.0", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "20.36.154.214", "userAgent": "", "requestUri": "https://graph.microsoft.com/v1.0/organization", "durationMs": 436959, "responseSizeBytes": 25341, "signInActivityId": "AI6kEvqYcUiAH62hYiMCAA", "roles": "Directory.Read.All GroupMember.Read.All", "tokenIssuedAt": "2024-01-29T21:27:25Z", "appId": "7b7531ad-5926-4f2d-8a1d-38495ad33e17", "userId": null, "servicePrincipalId": "8aa97ca2-a958-4bc2-af3c-2fdf8caa88bd", "scopes": null, "identityProvider": "https://sts.windows.net/75243ab2-44f8-435c-a7a6-b479385df6d4/", "clientAuthMethod": "2", "wids": "0997a1d0-0d1d-4acb-b408-d5ca73121e90", "atContent": ""}}
{"time": "2024-01-29T21:32:10.0462941Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "beta", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 15066935, "callerIpAddress": "120.1.97.19", "correlationId": "f9506f61-b15f-482d-83d3-b8e2d0645426", "Level": 4, "location": "West US 2", "properties": {"timeGenerated": "2024-01-29T21:32:10.0462941Z", "location": "West US 2", "requestId": "f9506f61-b15f-482d-83d3-b8e2d0645426", "operationId": "f9506f61-b15f-482d-83d3-b8e2d0645426", "clientRequestId": "f9506f61-b15f-482d-83d3-b8e2d0645426", "apiVersion": "beta", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "120.1.97.19", "userAgent": "python-requests/2.28.1", "requestUri": "https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+gt+2024-01-29T21:23:47Z+and+createdDateTime+le+2024-01-29T21:25:08.483687Z", "durationMs": 15066935, "responseSizeBytes": 3242, "signInActivityId": "W0diKhi4q0miWC1Gg3E0AA", "roles": "ServiceMessage.Read.All Directory.Read.All AuditLog.Read.All Policy.Read.All ServiceHealth.Read.All Reports.Read.All", "tokenIssuedAt": "2024-01-29T21:27:08Z", "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "userId": null, "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "scopes": null, "identityProvider": "https://sts.windows.net/75243ab2-44f8-435c-a7a6-b479385df6d4/", "clientAuthMethod": "1", "wids": "0997a1d0-0d1d-4acb-b408-d5ca73121e90", "atContent": ""}}
{"time": "2024-01-29T21:31:50.9263978Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "83184f10-1236-4583-bf46-c02321080787", "Level": 4, "location": "US", "properties": {"id": "3233b864-c8c7-4c79-9d93-e588138a3700", "createdDateTime": "2024-01-29T21:30:09.1670693+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "83184f10-1236-4583-bf46-c02321080787", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "409fa253-45ce-4321-b519-c01de5fe084e", "uniqueTokenIdentifier": "ZLgzMsfIeUydk-WIE4o3AA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:31:18.8872121Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "ae5f5239-fea6-49f7-a6f1-ca9142d5366a", "Level": 4, "location": "US", "properties": {"id": "5a57dca0-3a93-4921-bdfd-ba82c6e23800", "createdDateTime": "2024-01-29T21:29:08.1470349+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "ae5f5239-fea6-49f7-a6f1-ca9142d5366a", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "409fa253-45ce-4321-b519-c01de5fe084e", "uniqueTokenIdentifier": "oNxXWpM6IUm9_bqCxuI4AA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:31:12.4322552Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "204266b1-f35f-419a-ab3f-863145d22473", "Level": 4, "location": "US", "properties": {"id": "1bd87eeb-34fd-4911-b596-e8d8d4762a00", "createdDateTime": "2024-01-29T21:28:10.066581+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "204266b1-f35f-419a-ab3f-863145d22473", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Office 365 Management APIs", "resourceId": "c5393580-f805-4401-95e8-94b7a6ef2fc2", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "a7e8347c-5a38-45ec-a875-b8c6113a2881", "uniqueTokenIdentifier": "637YG_00EUm1lujY1HYqAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "47e1c3d7-c9d5-4488-8325-43b5ea29b0b7", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:31:10.1041271Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "beta", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 16433034, "callerIpAddress": "120.1.97.19", "correlationId": "c8aa4f00-af54-4d94-a341-6837a0907642", "Level": 4, "location": "West US 2", "properties": {"timeGenerated": "2024-01-29T21:31:10.1041271Z", "location": "West US 2", "requestId": "c8aa4f00-af54-4d94-a341-6837a0907642", "operationId": "c8aa4f00-af54-4d94-a341-6837a0907642", "clientRequestId": "c8aa4f00-af54-4d94-a341-6837a0907642", "apiVersion": "beta", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "120.1.97.19", "userAgent": "python-requests/2.28.1", "requestUri": "https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+gt+2024-01-29T20:39:45Z+and+createdDateTime+le+2024-01-29T21:24:08.411130Z", "durationMs": 16433034, "responseSizeBytes": 6393, "signInActivityId": "VtpIX0mUAkCLeMLEBnMuAA", "roles": "ServiceMessage.Read.All Directory.Read.All AuditLog.Read.All Policy.Read.All ServiceHealth.Read.All Reports.Read.All", "tokenIssuedAt": "2024-01-29T21:26:08Z", "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "userId": null, "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "scopes": null, "identityProvider": "https://sts.windows.net/75243ab2-44f8-435c-a7a6-b479385df6d4/", "clientAuthMethod": "1", "wids": "0997a1d0-0d1d-4acb-b408-d5ca73121e90", "atContent": ""}}
{"time": "2024-01-29T21:31:04.5141962Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "v1.0", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 3069470, "callerIpAddress": "120.1.121.35", "correlationId": "fb17174c-6478-4217-9703-5d20c9ca8881", "Level": 4, "location": "West US", "properties": {"timeGenerated": "2024-01-29T21:31:04.5141962Z", "location": "West US", "requestId": "fb17174c-6478-4217-9703-5d20c9ca8881", "operationId": "fb17174c-6478-4217-9703-5d20c9ca8881", "clientRequestId": "943f57b2-7489-486c-afb4-69a197005a5d", "apiVersion": "v1.0", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "120.1.121.35", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", "requestUri": "https://graph.microsoft.com/v1.0/servicePrincipals/ce7199b4-8f52-46f3-b54b-4fd81de961e2", "durationMs": 3069470, "responseSizeBytes": 436055, "signInActivityId": "UzkbLRIB1E-HIUdXD5cnAA", "roles": null, "tokenIssuedAt": "2024-01-29T21:18:57Z", "appId": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "userId": "e4c722ac-3b83-478d-8f52-c388885dc30f", "servicePrincipalId": null, "scopes": "AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All Application.Read.All Application.ReadWrite.All AppRoleAssignment.ReadWrite.All DelegatedPermissionGrant.ReadWrite.All Domain.Read.All email IdentityProvider.ReadWrite.All openid Organization.ReadWrite.All Policy.Read.All Policy.ReadWrite.ApplicationConfiguration Policy.ReadWrite.MobilityManagement profile RoleManagement.ReadWrite.Exchange User.Read User.Read.All", "identityProvider": null, "clientAuthMethod": "2", "wids": "fe930be7-5e62-47db-91af-98c3a49a38b1 f28a1f50-f6e7-4571-818b-6a12f2af6b6c e6d1a23a-da11-4be4-9570-befc86d067a7 5f2222b1-57c3-48ba-8ad5-d4759f1fde6f 62e90394-69f5-4237-9190-012177145e10 c430b396-e693-46cc-96f3-db01bf8bb62a 9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f 29232cdf-9323-42fd-ade2-1d097af3e4de 5d6b6bb7-de71-4623-b4af-96380a352509 194ae4cb-b126-40b2-bd5b-6091b380977d f2ef992c-3afb-46b9-b7cf-a126ee74c451 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3 17315797-102d-40b4-93e0-432062caca18 158c047a-c907-4556-b7ef-446551a6b5f7 b79fbf4d-3ef9-4689-8143-76b194e85509", "atContent": ""}}
{"time": "2024-01-29T21:31:04.1255188Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "v1.0", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 3903618, "callerIpAddress": "120.1.121.35", "correlationId": "e0c47513-a506-49f8-a466-f07520edf925", "Level": 4, "location": "West US", "properties": {"timeGenerated": "2024-01-29T21:31:04.1255188Z", "location": "West US", "requestId": "e0c47513-a506-49f8-a466-f07520edf925", "operationId": "e0c47513-a506-49f8-a466-f07520edf925", "clientRequestId": "943f57b2-7489-486c-afb4-69a197005a5d", "apiVersion": "v1.0", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "120.1.121.35", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", "requestUri": "https://graph.microsoft.com/v1.0/servicePrincipals/225cb41b-4a49-47de-9423-d3112bd0bc2d/appRoleAssignments?$top=999", "durationMs": 3903618, "responseSizeBytes": 546, "signInActivityId": "UzkbLRIB1E-HIUdXD5cnAA", "roles": null, "tokenIssuedAt": "2024-01-29T21:18:57Z", "appId": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "userId": "e4c722ac-3b83-478d-8f52-c388885dc30f", "servicePrincipalId": null, "scopes": "AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All Application.Read.All Application.ReadWrite.All AppRoleAssignment.ReadWrite.All DelegatedPermissionGrant.ReadWrite.All Domain.Read.All email IdentityProvider.ReadWrite.All openid Organization.ReadWrite.All Policy.Read.All Policy.ReadWrite.ApplicationConfiguration Policy.ReadWrite.MobilityManagement profile RoleManagement.ReadWrite.Exchange User.Read User.Read.All", "identityProvider": null, "clientAuthMethod": "2", "wids": "fe930be7-5e62-47db-91af-98c3a49a38b1 f28a1f50-f6e7-4571-818b-6a12f2af6b6c e6d1a23a-da11-4be4-9570-befc86d067a7 5f2222b1-57c3-48ba-8ad5-d4759f1fde6f 62e90394-69f5-4237-9190-012177145e10 c430b396-e693-46cc-96f3-db01bf8bb62a 9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f 29232cdf-9323-42fd-ade2-1d097af3e4de 5d6b6bb7-de71-4623-b4af-96380a352509 194ae4cb-b126-40b2-bd5b-6091b380977d f2ef992c-3afb-46b9-b7cf-a126ee74c451 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3 17315797-102d-40b4-93e0-432062caca18 158c047a-c907-4556-b7ef-446551a6b5f7 b79fbf4d-3ef9-4689-8143-76b194e85509", "atContent": ""}}
{"time": "2024-01-29T21:31:04.1198408Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "v1.0", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 1529324, "callerIpAddress": "120.1.121.35", "correlationId": "8384feb7-c20c-402f-a733-e1ed93a5017d", "Level": 4, "location": "West US", "properties": {"timeGenerated": "2024-01-29T21:31:04.1198408Z", "location": "West US", "requestId": "8384feb7-c20c-402f-a733-e1ed93a5017d", "operationId": "8384feb7-c20c-402f-a733-e1ed93a5017d", "clientRequestId": "943f57b2-7489-486c-afb4-69a197005a5d", "apiVersion": "v1.0", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "120.1.121.35", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", "requestUri": "https://graph.microsoft.com/v1.0/oauth2PermissionGrants?$filter=clientId%20eq%20%27225cb41b-4a49-47de-9423-d3112bd0bc2d%27%20and%20consentType%20eq%20%27AllPrincipals%27&$top=999", "durationMs": 1529324, "responseSizeBytes": 345, "signInActivityId": "UzkbLRIB1E-HIUdXD5cnAA", "roles": null, "tokenIssuedAt": "2024-01-29T21:18:57Z", "appId": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "userId": "e4c722ac-3b83-478d-8f52-c388885dc30f", "servicePrincipalId": null, "scopes": "AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All Application.Read.All Application.ReadWrite.All AppRoleAssignment.ReadWrite.All DelegatedPermissionGrant.ReadWrite.All Domain.Read.All email IdentityProvider.ReadWrite.All openid Organization.ReadWrite.All Policy.Read.All Policy.ReadWrite.ApplicationConfiguration Policy.ReadWrite.MobilityManagement profile RoleManagement.ReadWrite.Exchange User.Read User.Read.All", "identityProvider": null, "clientAuthMethod": "2", "wids": "fe930be7-5e62-47db-91af-98c3a49a38b1 f28a1f50-f6e7-4571-818b-6a12f2af6b6c e6d1a23a-da11-4be4-9570-befc86d067a7 5f2222b1-57c3-48ba-8ad5-d4759f1fde6f 62e90394-69f5-4237-9190-012177145e10 c430b396-e693-46cc-96f3-db01bf8bb62a 9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f 29232cdf-9323-42fd-ade2-1d097af3e4de 5d6b6bb7-de71-4623-b4af-96380a352509 194ae4cb-b126-40b2-bd5b-6091b380977d f2ef992c-3afb-46b9-b7cf-a126ee74c451 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3 17315797-102d-40b4-93e0-432062caca18 158c047a-c907-4556-b7ef-446551a6b5f7 b79fbf4d-3ef9-4689-8143-76b194e85509", "atContent": ""}}
{"time": "2024-01-29T21:31:03.0757248Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "v1.0", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 4915417, "callerIpAddress": "120.1.121.35", "correlationId": "01dc4851-80b7-42a4-9123-95e113e174b6", "Level": 4, "location": "West US", "properties": {"timeGenerated": "2024-01-29T21:31:03.0757248Z", "location": "West US", "requestId": "01dc4851-80b7-42a4-9123-95e113e174b6", "operationId": "01dc4851-80b7-42a4-9123-95e113e174b6", "clientRequestId": "943f57b2-7489-486c-afb4-69a197005a5d", "apiVersion": "v1.0", "requestMethod": "PATCH", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "120.1.121.35", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", "requestUri": "https://graph.microsoft.com/v1.0/myorganization/applications/75924835-d844-4947-96ba-18074e997386", "durationMs": 4915417, "responseSizeBytes": 2251, "signInActivityId": "UzkbLRIB1E-HIUdXD5cnAA", "roles": null, "tokenIssuedAt": "2024-01-29T21:18:57Z", "appId": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "userId": "e4c722ac-3b83-478d-8f52-c388885dc30f", "servicePrincipalId": null, "scopes": "AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All Application.Read.All Application.ReadWrite.All AppRoleAssignment.ReadWrite.All DelegatedPermissionGrant.ReadWrite.All Domain.Read.All email IdentityProvider.ReadWrite.All openid Organization.ReadWrite.All Policy.Read.All Policy.ReadWrite.ApplicationConfiguration Policy.ReadWrite.MobilityManagement profile RoleManagement.ReadWrite.Exchange User.Read User.Read.All", "identityProvider": null, "clientAuthMethod": "2", "wids": "fe930be7-5e62-47db-91af-98c3a49a38b1 f28a1f50-f6e7-4571-818b-6a12f2af6b6c e6d1a23a-da11-4be4-9570-befc86d067a7 5f2222b1-57c3-48ba-8ad5-d4759f1fde6f 62e90394-69f5-4237-9190-012177145e10 c430b396-e693-46cc-96f3-db01bf8bb62a 9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f 29232cdf-9323-42fd-ade2-1d097af3e4de 5d6b6bb7-de71-4623-b4af-96380a352509 194ae4cb-b126-40b2-bd5b-6091b380977d f2ef992c-3afb-46b9-b7cf-a126ee74c451 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3 17315797-102d-40b4-93e0-432062caca18 158c047a-c907-4556-b7ef-446551a6b5f7 b79fbf4d-3ef9-4689-8143-76b194e85509", "atContent": ""}}
{"time": "2024-01-29T21:31:03.0571425Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "22b158d1-5638-47a1-b957-2c9090260676", "identity": "user30 Edwards", "Level": 4, "location": "US", "properties": {"id": "a51d58c3-8bbd-4f32-89b2-ee957d043400", "createdDateTime": "2024-01-29T21:28:18.7006519+00:00", "userDisplayName": "user30 Edwards", "userPrincipalName": "user30@splunkresearch.onmicrosoft.com", "userId": "e4c722ac-3b83-478d-8f52-c388885dc30f", "appId": "74658136-14ec-4630-ad9b-26e160ff0fc6", "appDisplayName": "ADIbizaUX", "ipAddress": "120.1.121.35", "status": {"errorCode": 0}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.56.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 140.75809860229492, "longitude": 26.00627899169922}}, "correlationId": "22b158d1-5638-47a1-b957-2c9090260676", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "a51d58c3-8bbd-4f32-89b2-ee957d043400", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Is Client Capable", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 96, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "MS-PIM", "resourceId": "01fc33a7-78ba-4d2f-a4b7-768e336e890e", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "w1gdpb2LMk-Jsu6VfQQ0AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ebded46a-429e-487b-a305-8c8ab4394287", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:31:03.0102031Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Update application", "operationVersion": "1.0", "category": "AuditLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "None", "durationMs": 0, "correlationId": "a5396d2b-fcf6-41e7-9219-c6239f1298e3", "Level": 4, "properties": {"id": "Directory_a5396d2b-fcf6-41e7-9219-c6239f1298e3_DGBDP_1548236", "category": "ApplicationManagement", "correlationId": "a5396d2b-fcf6-41e7-9219-c6239f1298e3", "result": "success", "resultReason": "", "activityDisplayName": "Update application", "activityDateTime": "2024-01-29T21:31:03.0102031+00:00", "loggedByService": "Core Directory", "operationType": "Update", "userAgent": null, "initiatedBy": {"user": {"id": "e4c722ac-3b83-478d-8f52-c388885dc30f", "displayName": null, "userPrincipalName": "user30@splunkresearch.onmicrosoft.com", "ipAddress": "", "roles": []}}, "targetResources": [{"id": "75924835-d844-4947-96ba-18074e997386", "displayName": "MaliciousApp", "type": "Application", "modifiedProperties": [{"displayName": "RequiredResourceAccess", "oldValue": "[{\"ResourceAppId\":\"00000003-0000-0000-c000-000000000000\",\"RequiredAppPermissions\":[{\"EntitlementId\":\"570282fd-fa5c-430d-a7fd-fc8dc98a9dca\",\"DirectAccessGrant\":false,\"ImpersonationAccessGrants\":[20]},{\"EntitlementId\":\"7427e0e9-2fba-42fe-b0c0-848c9e6a8182\",\"DirectAccessGrant\":false,\"ImpersonationAccessGrants\":[20]},{\"EntitlementId\":\"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\"DirectAccessGrant\":false,\"ImpersonationAccessGrants\":[20]},{\"EntitlementId\":\"810c84a8-4a9e-49e6-bf7d-12d183f40d01\",\"DirectAccessGrant\":true,\"ImpersonationAccessGrants\":[]}],\"EncodingVersion\":1}]", "newValue": "[{\"ResourceAppId\":\"00000003-0000-0000-c000-000000000000\",\"RequiredAppPermissions\":[{\"EntitlementId\":\"570282fd-fa5c-430d-a7fd-fc8dc98a9dca\",\"DirectAccessGrant\":false,\"ImpersonationAccessGrants\":[20]},{\"EntitlementId\":\"7427e0e9-2fba-42fe-b0c0-848c9e6a8182\",\"DirectAccessGrant\":false,\"ImpersonationAccessGrants\":[20]},{\"EntitlementId\":\"e1fe6dd8-ba31-4d61-89e7-88639da4683d\",\"DirectAccessGrant\":false,\"ImpersonationAccessGrants\":[20]},{\"EntitlementId\":\"810c84a8-4a9e-49e6-bf7d-12d183f40d01\",\"DirectAccessGrant\":true,\"ImpersonationAccessGrants\":[]}],\"EncodingVersion\":1},{\"ResourceAppId\":\"00000002-0000-0ff1-ce00-000000000000\",\"RequiredAppPermissions\":[{\"EntitlementId\":\"dc890d15-9560-4a4c-9b7f-a736ec74ec40\",\"DirectAccessGrant\":true,\"ImpersonationAccessGrants\":[]}],\"EncodingVersion\":1}]"}, {"displayName": "Included Updated Properties", "oldValue": null, "newValue": "\"RequiredResourceAccess\""}], "administrativeUnits": []}], "additionalDetails": [{"key": "User-Agent", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"}, {"key": "AppId", "value": "867f0d29-0eab-4017-b691-c4713cc7d7b0"}]}}
{"time": "2024-01-29T21:31:02.8942128Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Update service principal", "operationVersion": "1.0", "category": "AuditLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "None", "durationMs": 0, "correlationId": "a5396d2b-fcf6-41e7-9219-c6239f1298e3", "Level": 4, "properties": {"id": "Directory_a5396d2b-fcf6-41e7-9219-c6239f1298e3_DGBDP_1548204", "category": "ApplicationManagement", "correlationId": "a5396d2b-fcf6-41e7-9219-c6239f1298e3", "result": "success", "resultReason": "", "activityDisplayName": "Update service principal", "activityDateTime": "2024-01-29T21:31:02.8942128+00:00", "loggedByService": "Core Directory", "operationType": "Update", "userAgent": null, "initiatedBy": {"user": {"id": "e4c722ac-3b83-478d-8f52-c388885dc30f", "displayName": null, "userPrincipalName": "user30@splunkresearch.onmicrosoft.com", "ipAddress": "", "roles": []}}, "targetResources": [{"id": "225cb41b-4a49-47de-9423-d3112bd0bc2d", "displayName": "MaliciousApp", "type": "ServicePrincipal", "modifiedProperties": [{"displayName": "Included Updated Properties", "oldValue": null, "newValue": "\"\""}, {"displayName": "TargetId.ServicePrincipalNames", "oldValue": null, "newValue": "\"867f0d29-0eab-4017-b691-c4713cc7d7b0\""}], "administrativeUnits": []}], "additionalDetails": [{"key": "User-Agent", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"}, {"key": "AppId", "value": "867f0d29-0eab-4017-b691-c4713cc7d7b0"}]}}
{"time": "2024-01-29T21:30:57.8669774Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "792beae5-0725-4b41-8b12-f7a976c6b063", "Level": 4, "location": "US", "properties": {"id": "7b0ef9d3-4a1c-4032-ab4b-8b5ccaae2600", "createdDateTime": "2024-01-29T21:28:10.3806198+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "792beae5-0725-4b41-8b12-f7a976c6b063", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Office 365 Exchange Online", "resourceId": "00000002-0000-0ff1-ce00-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "a7e8347c-5a38-45ec-a875-b8c6113a2881", "uniqueTokenIdentifier": "0_kOexxKMkCrS4tcyq4mAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "8429eb5c-faeb-4ade-8eac-acc003790769", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:30:46.4461552Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "beta", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 1804304, "callerIpAddress": "120.1.121.35", "correlationId": "7cf4ed8c-1aa7-4184-bf3d-1220e859f006", "Level": 4, "location": "West US", "properties": {"timeGenerated": "2024-01-29T21:30:46.4461552Z", "location": "West US", "requestId": "7cf4ed8c-1aa7-4184-bf3d-1220e859f006", "operationId": "7cf4ed8c-1aa7-4184-bf3d-1220e859f006", "clientRequestId": "943f57b2-7489-486c-afb4-69a197005a5d", "apiVersion": "beta", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "120.1.121.35", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", "requestUri": "https://graph.microsoft.com/beta/servicePrincipals/?&$filter=startswith(displayName,%27Office%20365%20Exchange%20Online%27)", "durationMs": 1804304, "responseSizeBytes": 38682, "signInActivityId": "UzkbLRIB1E-HIUdXD5cnAA", "roles": null, "tokenIssuedAt": "2024-01-29T21:18:57Z", "appId": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "userId": "e4c722ac-3b83-478d-8f52-c388885dc30f", "servicePrincipalId": null, "scopes": "AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All Application.Read.All Application.ReadWrite.All AppRoleAssignment.ReadWrite.All DelegatedPermissionGrant.ReadWrite.All Domain.Read.All email IdentityProvider.ReadWrite.All openid Organization.ReadWrite.All Policy.Read.All Policy.ReadWrite.ApplicationConfiguration Policy.ReadWrite.MobilityManagement profile RoleManagement.ReadWrite.Exchange User.Read User.Read.All", "identityProvider": null, "clientAuthMethod": "2", "wids": "fe930be7-5e62-47db-91af-98c3a49a38b1 f28a1f50-f6e7-4571-818b-6a12f2af6b6c e6d1a23a-da11-4be4-9570-befc86d067a7 5f2222b1-57c3-48ba-8ad5-d4759f1fde6f 62e90394-69f5-4237-9190-012177145e10 c430b396-e693-46cc-96f3-db01bf8bb62a 9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f 29232cdf-9323-42fd-ade2-1d097af3e4de 5d6b6bb7-de71-4623-b4af-96380a352509 194ae4cb-b126-40b2-bd5b-6091b380977d f2ef992c-3afb-46b9-b7cf-a126ee74c451 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3 17315797-102d-40b4-93e0-432062caca18 158c047a-c907-4556-b7ef-446551a6b5f7 b79fbf4d-3ef9-4689-8143-76b194e85509", "atContent": ""}}
{"time": "2024-01-29T21:30:44.5480652Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "973a6528-1182-4cdb-a003-e9c572446e8a", "Level": 4, "location": "US", "properties": {"id": "450a2daa-1561-4840-87ab-270455a72600", "createdDateTime": "2024-01-29T21:28:08.6497079+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "973a6528-1182-4cdb-a003-e9c572446e8a", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "a7e8347c-5a38-45ec-a875-b8c6113a2881", "uniqueTokenIdentifier": "qi0KRWEVQEiHqycEVacmAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:30:41.9591475Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "beta", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 1892140, "callerIpAddress": "120.1.121.35", "correlationId": "e73519c1-cfc3-4fe8-8c8d-35a76fc445d3", "Level": 4, "location": "West US", "properties": {"timeGenerated": "2024-01-29T21:30:41.9591475Z", "location": "West US", "requestId": "e73519c1-cfc3-4fe8-8c8d-35a76fc445d3", "operationId": "e73519c1-cfc3-4fe8-8c8d-35a76fc445d3", "clientRequestId": "943f57b2-7489-486c-afb4-69a197005a5d", "apiVersion": "beta", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "120.1.121.35", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", "requestUri": "https://graph.microsoft.com/beta/servicePrincipals/?&$filter=startswith(displayName,%27Office%20365%20Exchange%20Online%27)", "durationMs": 1892140, "responseSizeBytes": 38682, "signInActivityId": "UzkbLRIB1E-HIUdXD5cnAA", "roles": null, "tokenIssuedAt": "2024-01-29T21:18:57Z", "appId": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "userId": "e4c722ac-3b83-478d-8f52-c388885dc30f", "servicePrincipalId": null, "scopes": "AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All Application.Read.All Application.ReadWrite.All AppRoleAssignment.ReadWrite.All DelegatedPermissionGrant.ReadWrite.All Domain.Read.All email IdentityProvider.ReadWrite.All openid Organization.ReadWrite.All Policy.Read.All Policy.ReadWrite.ApplicationConfiguration Policy.ReadWrite.MobilityManagement profile RoleManagement.ReadWrite.Exchange User.Read User.Read.All", "identityProvider": null, "clientAuthMethod": "2", "wids": "fe930be7-5e62-47db-91af-98c3a49a38b1 f28a1f50-f6e7-4571-818b-6a12f2af6b6c e6d1a23a-da11-4be4-9570-befc86d067a7 5f2222b1-57c3-48ba-8ad5-d4759f1fde6f 62e90394-69f5-4237-9190-012177145e10 c430b396-e693-46cc-96f3-db01bf8bb62a 9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f 29232cdf-9323-42fd-ade2-1d097af3e4de 5d6b6bb7-de71-4623-b4af-96380a352509 194ae4cb-b126-40b2-bd5b-6091b380977d f2ef992c-3afb-46b9-b7cf-a126ee74c451 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3 17315797-102d-40b4-93e0-432062caca18 158c047a-c907-4556-b7ef-446551a6b5f7 b79fbf4d-3ef9-4689-8143-76b194e85509", "atContent": ""}}
{"time": "2024-01-29T21:30:40.4053776Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "beta", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 3448933, "callerIpAddress": "120.1.121.35", "correlationId": "32d9f276-6f9b-49a7-b7b6-4c4cf88e9660", "Level": 4, "location": "West US", "properties": {"timeGenerated": "2024-01-29T21:30:40.4053776Z", "location": "West US", "requestId": "32d9f276-6f9b-49a7-b7b6-4c4cf88e9660", "operationId": "32d9f276-6f9b-49a7-b7b6-4c4cf88e9660", "clientRequestId": "943f57b2-7489-486c-afb4-69a197005a5d", "apiVersion": "beta", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "120.1.121.35", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", "requestUri": "https://graph.microsoft.com/beta/servicePrincipals/", "durationMs": 3448933, "responseSizeBytes": 249624, "signInActivityId": "UzkbLRIB1E-HIUdXD5cnAA", "roles": null, "tokenIssuedAt": "2024-01-29T21:18:57Z", "appId": "18ed3507-a475-4ccb-b669-d66bc9f2a36e", "userId": "e4c722ac-3b83-478d-8f52-c388885dc30f", "servicePrincipalId": null, "scopes": "AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All Application.Read.All Application.ReadWrite.All AppRoleAssignment.ReadWrite.All DelegatedPermissionGrant.ReadWrite.All Domain.Read.All email IdentityProvider.ReadWrite.All openid Organization.ReadWrite.All Policy.Read.All Policy.ReadWrite.ApplicationConfiguration Policy.ReadWrite.MobilityManagement profile RoleManagement.ReadWrite.Exchange User.Read User.Read.All", "identityProvider": null, "clientAuthMethod": "2", "wids": "fe930be7-5e62-47db-91af-98c3a49a38b1 f28a1f50-f6e7-4571-818b-6a12f2af6b6c e6d1a23a-da11-4be4-9570-befc86d067a7 5f2222b1-57c3-48ba-8ad5-d4759f1fde6f 62e90394-69f5-4237-9190-012177145e10 c430b396-e693-46cc-96f3-db01bf8bb62a 9c6df0f2-1e7c-4dc3-b195-66dfbd24aa8f 29232cdf-9323-42fd-ade2-1d097af3e4de 5d6b6bb7-de71-4623-b4af-96380a352509 194ae4cb-b126-40b2-bd5b-6091b380977d f2ef992c-3afb-46b9-b7cf-a126ee74c451 9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3 17315797-102d-40b4-93e0-432062caca18 158c047a-c907-4556-b7ef-446551a6b5f7 b79fbf4d-3ef9-4689-8143-76b194e85509", "atContent": ""}}
{"time": "2024-01-29T21:30:31.0565406Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "5aab6e80-3bcd-4a83-bd6b-b87a62aeec97", "Level": 4, "properties": {"id": "6096bed7-b6e8-4f4f-96e0-ed73bc4c3100", "createdDateTime": "2024-01-29T21:28:12.6422521+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "", "state": "", "countryOrRegion": "", "geoCoordinates": {"latitude": 100.0, "longitude": 100.0}}, "correlationId": "5aab6e80-3bcd-4a83-bd6b-b87a62aeec97", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Office 365 Management APIs", "resourceId": "c5393580-f805-4401-95e8-94b7a6ef2fc2", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "a7e8347c-5a38-45ec-a875-b8c6113a2881", "uniqueTokenIdentifier": "176WYOi2T0-W4O1zvEwxAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "47e1c3d7-c9d5-4488-8325-43b5ea29b0b7", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:30:31.0565406Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "c9bd4d52-f05f-4082-94f8-61151c6f96a6", "Level": 4, "location": "US", "properties": {"id": "6096bed7-b6e8-4f4f-96e0-ed73a64b3100", "createdDateTime": "2024-01-29T21:28:09.8812597+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "c9bd4d52-f05f-4082-94f8-61151c6f96a6", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Office 365 Management APIs", "resourceId": "c5393580-f805-4401-95e8-94b7a6ef2fc2", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "a7e8347c-5a38-45ec-a875-b8c6113a2881", "uniqueTokenIdentifier": "176WYOi2T0-W4O1zpksxAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "47e1c3d7-c9d5-4488-8325-43b5ea29b0b7", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:30:27.5889843Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "eb852836-e4c4-4a12-9e80-f570a596e77d", "Level": 4, "location": "US", "properties": {"id": "d7815cff-b40d-44a1-bc33-918cffa71900", "createdDateTime": "2024-01-29T21:28:09.0629763+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "eb852836-e4c4-4a12-9e80-f570a596e77d", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "a7e8347c-5a38-45ec-a875-b8c6113a2881", "uniqueTokenIdentifier": "_1yB1w20oUS8M5GM_6cZAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:30:24.6045079Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "166af209-3a00-44c3-a8d8-3c36f16e8404", "Level": 4, "location": "US", "properties": {"id": "c3352b87-779e-49d7-9603-b3e63b952f00", "createdDateTime": "2024-01-29T21:28:09.0099983+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "166af209-3a00-44c3-a8d8-3c36f16e8404", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "a7e8347c-5a38-45ec-a875-b8c6113a2881", "uniqueTokenIdentifier": "hys1w55310mWA7PmO5UvAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:30:16.6610375Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "5792bc70-a23d-4dc8-877f-2a2374fbe103", "Level": 4, "location": "US", "properties": {"id": "09c678d4-cd21-4efc-94a5-0c0069403300", "createdDateTime": "2024-01-29T21:28:10.5736759+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "5792bc70-a23d-4dc8-877f-2a2374fbe103", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "409fa253-45ce-4321-b519-c01de5fe084e", "uniqueTokenIdentifier": "1HjGCSHN_E6UpQwAaUAzAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:30:15.5860296Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "beta", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 62800029, "callerIpAddress": "120.1.97.19", "correlationId": "346fa284-1c3f-4ec5-ad8e-1fd40d53d083", "Level": 4, "location": "West US 2", "properties": {"timeGenerated": "2024-01-29T21:30:15.5860296Z", "location": "West US 2", "requestId": "346fa284-1c3f-4ec5-ad8e-1fd40d53d083", "operationId": "346fa284-1c3f-4ec5-ad8e-1fd40d53d083", "clientRequestId": "346fa284-1c3f-4ec5-ad8e-1fd40d53d083", "apiVersion": "beta", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "120.1.97.19", "userAgent": "python-requests/2.28.1", "requestUri": "https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+gt+2024-01-29T20:39:45Z+and+createdDateTime+le+2024-01-29T21:23:09.247831Z", "durationMs": 62800029, "responseSizeBytes": 3242, "signInActivityId": "ZLgzMsfIeUydk-WIE4o3AA", "roles": "ServiceMessage.Read.All Directory.Read.All AuditLog.Read.All Policy.Read.All ServiceHealth.Read.All Reports.Read.All", "tokenIssuedAt": "2024-01-29T21:25:09Z", "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "userId": null, "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "scopes": null, "identityProvider": "https://sts.windows.net/75243ab2-44f8-435c-a7a6-b479385df6d4/", "clientAuthMethod": "1", "wids": "0997a1d0-0d1d-4acb-b408-d5ca73121e90", "atContent": ""}}
{"time": "2024-01-29T21:30:07.2330601Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "75c3e9b4-5740-4fef-9e40-c356e87bfb94", "Level": 4, "location": "US", "properties": {"id": "b9d13367-b2c0-4298-ae17-1241a6283a00", "createdDateTime": "2024-01-29T21:28:11.2682714+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "75c3e9b4-5740-4fef-9e40-c356e87bfb94", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "a7e8347c-5a38-45ec-a875-b8c6113a2881", "uniqueTokenIdentifier": "ZzPRucCymEKuFxJBpig6AA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:29:48.0131575Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "2ea03f9f-c1d2-40d8-9fd1-49b60e6109e5", "Level": 4, "location": "US", "properties": {"id": "fcd73218-1912-407e-978e-41b578ea2200", "createdDateTime": "2024-01-29T21:28:10.6655816+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "2ea03f9f-c1d2-40d8-9fd1-49b60e6109e5", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "a7e8347c-5a38-45ec-a875-b8c6113a2881", "uniqueTokenIdentifier": "GDLX_BIZfkCXjkG1eOoiAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:29:37.5368686Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "39c26d1c-baf5-4030-aca3-92f1c532faed", "Level": 4, "location": "US", "properties": {"id": "4ca742d3-d9f7-4173-8e4d-22423a262200", "createdDateTime": "2024-01-29T21:28:10.0365293+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "39c26d1c-baf5-4030-aca3-92f1c532faed", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Office 365 Management APIs", "resourceId": "c5393580-f805-4401-95e8-94b7a6ef2fc2", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "a7e8347c-5a38-45ec-a875-b8c6113a2881", "uniqueTokenIdentifier": "00KnTPfZc0GOTSJCOiYiAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "47e1c3d7-c9d5-4488-8325-43b5ea29b0b7", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:29:36.8374109Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "b1e81b2d-8f63-4074-a6b2-9d7189a19a58", "Level": 4, "location": "US", "properties": {"id": "d138d6ad-b946-4289-b470-46471b742900", "createdDateTime": "2024-01-29T21:28:11.0650309+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "b1e81b2d-8f63-4074-a6b2-9d7189a19a58", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Office 365 Management APIs", "resourceId": "c5393580-f805-4401-95e8-94b7a6ef2fc2", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "a7e8347c-5a38-45ec-a875-b8c6113a2881", "uniqueTokenIdentifier": "rdY40Ua5iUK0cEZHG3QpAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "47e1c3d7-c9d5-4488-8325-43b5ea29b0b7", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:29:35.3418036Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "v1.0", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 545255, "callerIpAddress": "52.188.246.20", "correlationId": "3e0e21e4-5c5b-4fc4-9cb6-575223b13f36", "Level": 4, "location": "East US 2", "properties": {"timeGenerated": "2024-01-29T21:29:35.3418036Z", "location": "East US 2", "requestId": "3e0e21e4-5c5b-4fc4-9cb6-575223b13f36", "operationId": "3e0e21e4-5c5b-4fc4-9cb6-575223b13f36", "clientRequestId": "3e0e21e4-5c5b-4fc4-9cb6-575223b13f36", "apiVersion": "v1.0", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "52.188.246.20", "userAgent": "", "requestUri": "https://graph.microsoft.com/v1.0/security/incidents?$filter=%28lastUpdateDateTime%20ge%202024-01-29T21%3A20%3A43.0000000Z%20and%20lastUpdateDateTime%20lt%202024-01-29T21%3A25%3A43.0000000Z%29%20or%20%28createdDateTime%20ge%202024-01-29T21%3A20%3A43.0000000Z%20and%20createdDateTime%20lt%202024-01-29T21%3A25%3A43.0000000Z%29&$expand=alerts&$top=50&$skip=0", "durationMs": 545255, "responseSizeBytes": 103, "signInActivityId": "RS3EVQO50ECFmvhuImc-AA", "roles": "Application.Read.All Application.ReadWrite.OwnedBy GroupMember.Read.All IdentityRiskyUser.Read.All Organization.Read.All SecurityAlert.ReadWrite.All SecurityIncident.Read.All SecurityIncident.ReadWrite.All Team.Create TeamMember.ReadWriteNonOwnerRole.All TeamSettings.ReadWrite.All TeamsTab.Create TeamsTab.ReadWriteForTeam.All ThreatIntelligence.Read.All User.Read.All", "tokenIssuedAt": "2024-01-29T02:34:49Z", "appId": "98785600-1bb7-4fb9-b9fa-19afe2c8a360", "userId": null, "servicePrincipalId": "a7aed67e-bce6-43d5-b2a9-388680a2d7aa", "scopes": null, "identityProvider": "https://sts.windows.net/75243ab2-44f8-435c-a7a6-b479385df6d4/", "clientAuthMethod": "2", "wids": "0997a1d0-0d1d-4acb-b408-d5ca73121e90", "atContent": ""}}
{"time": "2024-01-29T21:29:24.8596639Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "56e879a9-4d97-4aef-ad7b-40936fa7aeda", "Level": 4, "location": "US", "properties": {"id": "8e32c123-da4b-407e-8030-7825b34c2800", "createdDateTime": "2024-01-29T21:27:08.2801435+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "56e879a9-4d97-4aef-ad7b-40936fa7aeda", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "409fa253-45ce-4321-b519-c01de5fe084e", "uniqueTokenIdentifier": "I8EyjkvafkCAMHgls0woAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:29:09.5210344Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ManagedIdentitySignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "correlationId": "bef6f4d2-6d90-4cdb-836c-4643399cefb4", "Level": 4, "properties": {"id": "5cb58aec-14e0-478f-9437-5932a532ed00", "createdDateTime": "2024-01-29T21:27:07.2263254+00:00", "userId": null, "appId": "5a26ce6f-b53d-4759-8317-679d3520f7ee", "ipAddress": "", "status": {"errorCode": 0}, "location": {"city": "", "state": "", "countryOrRegion": "", "geoCoordinates": {"latitude": 100.0, "longitude": 100.0}}, "correlationId": "bef6f4d2-6d90-4cdb-836c-4643399cefb4", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Azure Monitor Control Service", "resourceId": "e933bd07-d2ee-4f1d-933c-3752b819567b", "servicePrincipalName": "pluginframeworkcompute", "servicePrincipalId": "ab9ae268-6598-42c3-9ef0-9e05d3bb49b7", "federatedCredentialId": "", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "uniqueTokenIdentifier": "7Iq1XOAUj0eUN1kypTLtAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "9d11ce9f-ee02-407d-87ab-1ff4bcb32fe5", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}
{"time": "2024-01-29T21:29:08.9294429Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "beta", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 6624748, "callerIpAddress": "120.1.97.19", "correlationId": "69ddf82b-1287-4be9-98cb-3a1961c1bbcf", "Level": 4, "location": "West US 2", "properties": {"timeGenerated": "2024-01-29T21:29:08.9294429Z", "location": "West US 2", "requestId": "69ddf82b-1287-4be9-98cb-3a1961c1bbcf", "operationId": "69ddf82b-1287-4be9-98cb-3a1961c1bbcf", "clientRequestId": "69ddf82b-1287-4be9-98cb-3a1961c1bbcf", "apiVersion": "beta", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "120.1.97.19", "userAgent": "python-requests/2.28.1", "requestUri": "https://graph.microsoft.com/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+gt+2024-01-29T20:39:45Z+and+createdDateTime+le+2024-01-29T21:22:08.205721Z", "durationMs": 6624748, "responseSizeBytes": 3242, "signInActivityId": "oNxXWpM6IUm9_bqCxuI4AA", "roles": "ServiceMessage.Read.All Directory.Read.All AuditLog.Read.All Policy.Read.All ServiceHealth.Read.All Reports.Read.All", "tokenIssuedAt": "2024-01-29T21:24:08Z", "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "userId": null, "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "scopes": null, "identityProvider": "https://sts.windows.net/75243ab2-44f8-435c-a7a6-b479385df6d4/", "clientAuthMethod": "1", "wids": "0997a1d0-0d1d-4acb-b408-d5ca73121e90", "atContent": ""}}
{"time": "2024-01-29T21:29:07.9245429Z", "resourceId": "/TENANTS/A417C578-C7EE-480D-A225-D48057E74DF5/PROVIDERS/MICROSOFT.AADIAM", "operationName": "Microsoft Graph Activity", "operationVersion": "v1.0", "category": "MicrosoftGraphActivityLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "200", "durationMs": 407397, "callerIpAddress": "4.157.17.0", "correlationId": "937641bd-f488-4f08-8de8-2762ec6f9b33", "Level": 4, "location": "East US", "properties": {"timeGenerated": "2024-01-29T21:29:07.9245429Z", "location": "East US", "requestId": "937641bd-f488-4f08-8de8-2762ec6f9b33", "operationId": "937641bd-f488-4f08-8de8-2762ec6f9b33", "clientRequestId": "937641bd-f488-4f08-8de8-2762ec6f9b33", "apiVersion": "v1.0", "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "ipAddress": "4.157.17.0", "userAgent": "", "requestUri": "https://graph.microsoft.com/v1.0/security/alerts_v2?$filter=%28lastUpdateDateTime%20ge%202024-01-29T21%3A20%3A43.0000000Z%20and%20lastUpdateDateTime%20lt%202024-01-29T21%3A25%3A43.0000000Z%29%20or%20%28createdDateTime%20ge%202024-01-29T21%3A20%3A43.0000000Z%20and%20createdDateTime%20lt%202024-01-29T21%3A25%3A43.0000000Z%29&$top=1000&$skip=0", "durationMs": 407397, "responseSizeBytes": 93, "signInActivityId": "yOMcc3x5IEO77Pd1CloJAA", "roles": "Application.Read.All Application.ReadWrite.OwnedBy GroupMember.Read.All IdentityRiskyUser.Read.All Organization.Read.All SecurityAlert.ReadWrite.All SecurityIncident.Read.All SecurityIncident.ReadWrite.All Team.Create TeamMember.ReadWriteNonOwnerRole.All TeamSettings.ReadWrite.All TeamsTab.Create TeamsTab.ReadWriteForTeam.All ThreatIntelligence.Read.All User.Read.All", "tokenIssuedAt": "2024-01-29T02:34:15Z", "appId": "98785600-1bb7-4fb9-b9fa-19afe2c8a360", "userId": null, "servicePrincipalId": "a7aed67e-bce6-43d5-b2a9-388680a2d7aa", "scopes": null, "identityProvider": "https://sts.windows.net/75243ab2-44f8-435c-a7a6-b479385df6d4/", "clientAuthMethod": "2", "wids": "0997a1d0-0d1d-4acb-b408-d5ca73121e90", "atContent": ""}}
{"time": "2024-01-29T21:29:07.1816747Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.97.19", "correlationId": "23de13a4-7151-4210-98fd-410806e5389c", "Level": 4, "location": "US", "properties": {"id": "eaae879f-b919-4999-a37e-8d574bf53100", "createdDateTime": "2024-01-29T21:26:08.3686134+00:00", "userId": null, "appId": "2f7d225e-ae9b-478c-842b-1716c08f3384", "ipAddress": "120.1.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 145.83599853515625, "longitude": -19.698997497558594}}, "correlationId": "23de13a4-7151-4210-98fd-410806e5389c", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "Research", "servicePrincipalId": "60ee4f4e-9221-479c-92df-4c97cb5e2f9d", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "409fa253-45ce-4321-b519-c01de5fe084e", "uniqueTokenIdentifier": "n4eu6hm5mUmjfo1XS_UxAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}}