{"time": "2023-10-31T18:02:01.6399438Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "177efdc2-688f-46bb-962a-81fe51aaaee5", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "075f2c9b-ea7e-44b2-b19d-084635f94000", "createdDateTime": "2023-10-31T17:59:11.2681723+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "0000000c-0000-0000-c000-000000000000", "appDisplayName": "Microsoft App Access Panel", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 5.2.7.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "177efdc2-688f-46bb-962a-81fe51aaaee5", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "075f2c9b-ea7e-44b2-b19d-084635f94000", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 304, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:59:11.2681723+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "myxfB37qskSxnQhGNflAAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:01:33.4487942Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "367f5194-766b-4e14-875b-5ad45de67a37", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "a5739449-ac6b-4330-8c6a-9bbf77814600", "createdDateTime": "2023-10-31T17:59:13.7288782+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "0000000c-0000-0000-c000-000000000000", "appDisplayName": "Microsoft App Access Panel", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 5.2.7.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "367f5194-766b-4e14-875b-5ad45de67a37", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "a5739449-ac6b-4330-8c6a-9bbf77814600", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 184, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:59:13.7288782+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "SZRzpWusMEOMapu_d4FGAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:01:20.8593056Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "41fa33b4-7d0a-4fe7-b1f0-a7cda1f058bf", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "6199412b-26a2-4770-a2ff-40cede8a2800", "createdDateTime": "2023-10-31T17:58:08.1215771+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "19db86c3-b2b9-44cc-b339-36da233a3be2", "appDisplayName": "My Signins", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 118.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "41fa33b4-7d0a-4fe7-b1f0-a7cda1f058bf", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "6199412b-26a2-4770-a2ff-40cede8a2800", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"ShellInfo.Read\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 103, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office365 Shell WCSS-Server", "resourceId": "5f09333a-842c-47da-a157-57da27fcbca5", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:08.1215771+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "K0GZYaImcEei_0DO3oooAA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": null, "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:01:17.6095118Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "d994e94c-49e4-44f1-b07a-bc3204f66db1", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "15ac084c-6470-4fd4-8cbf-244663952700", "createdDateTime": "2023-10-31T17:58:00.9747927+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "8c59ead7-d703-4a27-9e55-c96a0054c8d2", "appDisplayName": "My Profile", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 118.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "d994e94c-49e4-44f1-b07a-bc3204f66db1", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "15ac084c-6470-4fd4-8cbf-244663952700", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 100, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:00.9747927+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "TAisFXBk1E-MvyRGY5UnAA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:01:16.7713292Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "ae252e61-183c-4b6c-8e5d-0f1856e9e923", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "063af4bd-8da8-42e4-9757-729d5bad2800", "createdDateTime": "2023-10-31T17:58:00.9835184+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "8c59ead7-d703-4a27-9e55-c96a0054c8d2", "appDisplayName": "My Profile", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 118.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "ae252e61-183c-4b6c-8e5d-0f1856e9e923", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "063af4bd-8da8-42e4-9757-729d5bad2800", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"AuditLog.Read.All\",\"BitlockerKey.Read.All\",\"Device.Read.All\",\"email\",\"Group.Read.All\",\"Group.ReadWrite.All\",\"GroupMember.Read.All\",\"MailboxSettings.ReadWrite\",\"openid\",\"Organization.Read.All\",\"Policy.Read.All\",\"profile\",\"RoleManagement.ReadWrite.Directory\",\"User.Invite.All\",\"User.Read.All\",\"User.ReadBasic.All\",\"User.ReadWrite\",\"CrossTenantInformation.ReadBasic.All\",\"CrossTenantUserProfileSharing.ReadWrite.All\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 111, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:00.9835184+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "vfQ6BqiN5EKXV3KdW60oAA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:01:16.5683668Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "73ad3b2c-15f6-44fc-b6e4-31fbb130041e", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "7aa8d3ba-dee6-4b83-aecc-656383174600", "createdDateTime": "2023-10-31T17:58:01.0921419+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "8c59ead7-d703-4a27-9e55-c96a0054c8d2", "appDisplayName": "My Profile", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 118.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "73ad3b2c-15f6-44fc-b6e4-31fbb130041e", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "7aa8d3ba-dee6-4b83-aecc-656383174600", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"ShellInfo.Read\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 191, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office365 Shell WCSS-Server", "resourceId": "5f09333a-842c-47da-a157-57da27fcbca5", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:01.0921419+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "utOoeubeg0uuzGVjgxdGAA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": null, "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:01:08.4664781Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "e3db9912-58b1-4ca5-990b-165034293549", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "a574e6dd-8279-4b2a-a779-5477c8570700", "createdDateTime": "2023-10-31T17:58:02.1892581+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "0000000c-0000-0000-c000-000000000000", "appDisplayName": "Microsoft App Access Panel", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 5.2.7.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "e3db9912-58b1-4ca5-990b-165034293549", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "a574e6dd-8279-4b2a-a779-5477c8570700", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 111, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:02.1892581+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "3eZ0pXmCKkuneVR3yFcHAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:01:04.9368525Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "3ff902d6-fc72-4c5a-8742-2d6f1f264ebf", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "fe43446f-ede4-4c9a-a8f9-a5bfd5332500", "createdDateTime": "2023-10-31T17:58:10.1086829+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "19db86c3-b2b9-44cc-b339-36da233a3be2", "appDisplayName": "My Signins", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.55.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "3ff902d6-fc72-4c5a-8742-2d6f1f264ebf", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "fe43446f-ede4-4c9a-a8f9-a5bfd5332500", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"tenants.read\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 111, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft App Access Panel", "resourceId": "0000000c-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:10.1086829+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "b0RD_uTtmkyo-aW_1TMlAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "36d3537c-8bd8-4aef-8088-699ece69e2c6", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:01:04.0051327Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "ff6a8fd8-609f-49eb-be7a-c893ef6fdc57", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "203f0c84-10d2-44db-8854-d089562d2a00", "createdDateTime": "2023-10-31T17:58:10.4226984+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "0000000c-0000-0000-c000-000000000000", "appDisplayName": "Microsoft App Access Panel", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 5.2.7.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "ff6a8fd8-609f-49eb-be7a-c893ef6fdc57", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "203f0c84-10d2-44db-8854-d089562d2a00", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 146, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:10.4226984+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "hAw_INIQ20SIVNCJVi0qAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:01:03.8016141Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "33cfff9a-3943-4f10-950d-54dca733e70f", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "517d0fa8-ce62-4748-b3aa-7535f2d64b00", "createdDateTime": "2023-10-31T17:58:08.4912507+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "19db86c3-b2b9-44cc-b339-36da233a3be2", "appDisplayName": "My Signins", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.55.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "33cfff9a-3943-4f10-950d-54dca733e70f", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "517d0fa8-ce62-4748-b3aa-7535f2d64b00", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 113, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:08.4912507+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "qA99UWLOSEezqnU18tZLAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:01:01.4098377Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "8b48c669-f27a-46bc-bf3c-bdb206ee7f95", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "0e256e9a-3850-45bb-b93f-9162fe762900", "createdDateTime": "2023-10-31T17:58:01.7311387+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "8c59ead7-d703-4a27-9e55-c96a0054c8d2", "appDisplayName": "My Profile", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.49.1.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "8b48c669-f27a-46bc-bf3c-bdb206ee7f95", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "0e256e9a-3850-45bb-b93f-9162fe762900", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"tenants.read\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 103, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft App Access Panel", "resourceId": "0000000c-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:01.7311387+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "mm4lDlA4u0W5P5Fi_nYpAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "36d3537c-8bd8-4aef-8088-699ece69e2c6", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:56.0429165Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "2805c526-b1e8-4eb2-a32a-9a803f202786", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "079ce738-3879-487b-b15b-687a9da24500", "createdDateTime": "2023-10-31T17:58:50.851556+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "0000000c-0000-0000-c000-000000000000", "appDisplayName": "Microsoft App Access Panel", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 5.2.7.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "2805c526-b1e8-4eb2-a32a-9a803f202786", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "079ce738-3879-487b-b15b-687a9da24500", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 302, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:50.851556+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "OOecB3k4e0ixW2h6naJFAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:54.6813718Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "29d665a5-97b6-4d56-9b30-ce41d857a15e", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "5a63e332-362a-4946-8a56-d6aa88c22500", "createdDateTime": "2023-10-31T17:58:09.9962641+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "66a88757-258c-4c72-893c-3e8bed4d6899", "appDisplayName": "Office 365 Search Service", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.44.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "29d665a5-97b6-4d56-9b30-ce41d857a15e", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "5a63e332-362a-4946-8a56-d6aa88c22500", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"Title.ReadWrite\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 99, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft 365 App Catalog Services", "resourceId": "e8be65d6-d430-4289-a665-51bf2a194bda", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:09.9962641+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "MuNjWio2RkmKVtaqiMIlAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": null, "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:54.6345018Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "ec602439-4797-4590-928e-b024890df486", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "5a63e332-362a-4946-8a56-d6aaabbf2500", "createdDateTime": "2023-10-31T17:58:00.9838824+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "8c59ead7-d703-4a27-9e55-c96a0054c8d2", "appDisplayName": "My Profile", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 118.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "ec602439-4797-4590-928e-b024890df486", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "5a63e332-362a-4946-8a56-d6aaabbf2500", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"AuditLog.Read.All\",\"BitlockerKey.Read.All\",\"Device.Read.All\",\"email\",\"Group.Read.All\",\"Group.ReadWrite.All\",\"GroupMember.Read.All\",\"MailboxSettings.ReadWrite\",\"openid\",\"Organization.Read.All\",\"Policy.Read.All\",\"profile\",\"RoleManagement.ReadWrite.Directory\",\"User.Invite.All\",\"User.Read.All\",\"User.ReadBasic.All\",\"User.ReadWrite\",\"CrossTenantInformation.ReadBasic.All\",\"CrossTenantUserProfileSharing.ReadWrite.All\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 108, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:00.9838824+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "MuNjWio2RkmKVtaqq78lAA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:49.5217016Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "e4bd0394-6973-432d-b1a0-5586dee6884f", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "435664ba-6baf-418b-a02a-f964ccfe2900", "createdDateTime": "2023-10-31T17:58:10.0704724+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "19db86c3-b2b9-44cc-b339-36da233a3be2", "appDisplayName": "My Signins", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.55.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "e4bd0394-6973-432d-b1a0-5586dee6884f", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "435664ba-6baf-418b-a02a-f964ccfe2900", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"tenants.read\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 74, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft App Access Panel", "resourceId": "0000000c-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:10.0704724+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "umRWQ69ri0GgKvlkzP4pAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "36d3537c-8bd8-4aef-8088-699ece69e2c6", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:47.1977905Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "d9d3db7d-25bc-4e77-b580-03eddac6ca69", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "6c8cc543-9416-415e-b85b-e2ed26730600", "createdDateTime": "2023-10-31T17:58:01.7745075+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "8c59ead7-d703-4a27-9e55-c96a0054c8d2", "appDisplayName": "My Profile", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.49.1.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "d9d3db7d-25bc-4e77-b580-03eddac6ca69", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "6c8cc543-9416-415e-b85b-e2ed26730600", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"tenants.read\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 132, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft App Access Panel", "resourceId": "0000000c-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:01.7745075+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "Q8WMbBaUXkG4W-LtJnMGAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "36d3537c-8bd8-4aef-8088-699ece69e2c6", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:37.8928957Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "f1f7ebaa-4c1a-4a71-9c50-18875ebf6a65", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "541428b3-0154-491f-9cb6-3c31e2082700", "createdDateTime": "2023-10-31T17:58:08.4896875+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "19db86c3-b2b9-44cc-b339-36da233a3be2", "appDisplayName": "My Signins", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.55.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "f1f7ebaa-4c1a-4a71-9c50-18875ebf6a65", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "541428b3-0154-491f-9cb6-3c31e2082700", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 97, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:08.4896875+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "sygUVFQBH0mctjwx4ggnAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:31.4583718Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "305e08af-2e74-4464-a938-ba623d1a7535", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "ca834646-85ec-4f1f-a2ee-793747772700", "createdDateTime": "2023-10-31T17:58:07.4254823+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "19db86c3-b2b9-44cc-b339-36da233a3be2", "appDisplayName": "My Signins", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 118.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "305e08af-2e74-4464-a938-ba623d1a7535", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "ca834646-85ec-4f1f-a2ee-793747772700", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 114, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:07.4254823+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-10-31T17:58:07.4254823+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "RkaDyuyFH0-i7nk3R3cnAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:28.3130352Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "5da898cc-3503-4246-b223-9129fd30eb54", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "8187d4b8-c15b-4cc3-b54f-17ff61722700", "createdDateTime": "2023-10-31T17:58:10.4712687+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "0000000c-0000-0000-c000-000000000000", "appDisplayName": "Microsoft App Access Panel", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 5.2.7.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "5da898cc-3503-4246-b223-9129fd30eb54", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "8187d4b8-c15b-4cc3-b54f-17ff61722700", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 135, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:10.4712687+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "uNSHgVvBw0y1Txf_YXInAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:25.6166377Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "07d8bb05-9f78-40cd-8729-dca275019951", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "884e1943-b56c-4ab1-aefd-61acb25e2a00", "createdDateTime": "2023-10-31T17:58:08.4821428+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "19db86c3-b2b9-44cc-b339-36da233a3be2", "appDisplayName": "My Signins", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.55.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "07d8bb05-9f78-40cd-8729-dca275019951", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "884e1943-b56c-4ab1-aefd-61acb25e2a00", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 96, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:08.4821428+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "QxlOiGy1sUqu_WGssl4qAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:22.6798796Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "c972c037-a49b-49fd-bd63-a78ae28b4a7c", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "54dbdb84-8647-4fe1-bce5-92646bbb3b00", "createdDateTime": "2023-10-31T17:58:01.1072751+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "8c59ead7-d703-4a27-9e55-c96a0054c8d2", "appDisplayName": "My Profile", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 118.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "c972c037-a49b-49fd-bd63-a78ae28b4a7c", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "54dbdb84-8647-4fe1-bce5-92646bbb3b00", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"UserPolicies.Read\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 137, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "OCaaS Client Interaction Service", "resourceId": "c2ada927-a9e2-4564-aae2-70775a2fa0af", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:01.1072751+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "hNvbVEeG4U-85ZJka7s7AA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "57b0f3bf-d63a-4915-9bd0-b9bae18710cf", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:19.2676095Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "c8542310-ddf9-46ac-b84e-60a669029f3a", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "7abebe76-a2d6-4802-9fd4-8010aee54100", "createdDateTime": "2023-10-31T17:58:08.4351272+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "8c59ead7-d703-4a27-9e55-c96a0054c8d2", "appDisplayName": "My Profile", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.49.1.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "c8542310-ddf9-46ac-b84e-60a669029f3a", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "7abebe76-a2d6-4802-9fd4-8010aee54100", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"groups.read\",\"groups.write\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 156, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Approval Management", "resourceId": "65d91a3d-ab74-42e6-8a2f-0add61688c74", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:08.4351272+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "dr6-etaiAkif1IAQruVBAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "720fafa6-a606-4e79-a7ce-ca5a792a4384", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:14.2672423Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "ac7a36fe-a281-4950-82dd-d4d384394132", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "78180b90-5cfc-498d-b3ca-9922a3d22100", "createdDateTime": "2023-10-31T17:57:54.4666264+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "66a88757-258c-4c72-893c-3e8bed4d6899", "appDisplayName": "Office 365 Search Service", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.44.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "ac7a36fe-a281-4950-82dd-d4d384394132", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "78180b90-5cfc-498d-b3ca-9922a3d22100", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"Title.ReadWrite\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 123, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft 365 App Catalog Services", "resourceId": "e8be65d6-d430-4289-a665-51bf2a194bda", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:57:54.4666264+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "kAsYePxcjUmzypkio9IhAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": null, "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:13.6377391Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "751007cd-55a4-484a-8381-c0c87d3effcf", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "fb28dc7a-5949-426c-88eb-1d32b0ec2800", "createdDateTime": "2023-10-31T17:58:00.4980741+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "8c59ead7-d703-4a27-9e55-c96a0054c8d2", "appDisplayName": "My Profile", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 118.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "751007cd-55a4-484a-8381-c0c87d3effcf", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "fb28dc7a-5949-426c-88eb-1d32b0ec2800", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"AuditLog.Read.All\",\"BitlockerKey.Read.All\",\"Device.Read.All\",\"email\",\"Group.Read.All\",\"Group.ReadWrite.All\",\"GroupMember.Read.All\",\"MailboxSettings.ReadWrite\",\"openid\",\"Organization.Read.All\",\"Policy.Read.All\",\"profile\",\"RoleManagement.ReadWrite.Directory\",\"User.Invite.All\",\"User.Read.All\",\"User.ReadBasic.All\",\"User.ReadWrite\",\"CrossTenantInformation.ReadBasic.All\",\"CrossTenantUserProfileSharing.ReadWrite.All\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 169, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:00.4980741+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "etwo-0lZbEKI6x0ysOwoAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "ce7199b4-8f52-46f3-b54b-4fd81de961e2", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:04.8553163Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "0ea72285-579b-43bb-b5ac-599afcecf23a", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "ac34dfec-bf8c-403f-b6f7-644ff0522700", "createdDateTime": "2023-10-31T17:58:08.11333+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "19db86c3-b2b9-44cc-b339-36da233a3be2", "appDisplayName": "My Signins", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 118.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "0ea72285-579b-43bb-b5ac-599afcecf23a", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "ac34dfec-bf8c-403f-b6f7-644ff0522700", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"features.read.all\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 94, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "My Profile", "resourceId": "8c59ead7-d703-4a27-9e55-c96a0054c8d2", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:08.11333+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "7N80rIy_P0C292RP8FInAA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "fbf94b95-4964-4c8d-84f0-e975437cf32e", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T18:00:04.1019590Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "4d4d4cab-804e-455b-bf55-e68c4f1205b0", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "079a51d6-5e4f-4db6-a883-1cba54b33b00", "createdDateTime": "2023-10-31T17:58:10.8244856+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "0000000c-0000-0000-c000-000000000000", "appDisplayName": "Microsoft App Access Panel", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 5.2.7.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "4d4d4cab-804e-455b-bf55-e68c4f1205b0", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "079a51d6-5e4f-4db6-a883-1cba54b33b00", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 250, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:58:10.8244856+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "1lGaB09etk2ogxy6VLM7AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "56ad242f-e13b-47fc-8de8-19e3bf6f6575", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T17:59:53.9565549Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "0e6734b6-1fe1-4962-990e-a6e74a7c6ab2", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "787c6576-5d5c-4b5d-be7a-f6fa691d2600", "createdDateTime": "2023-10-31T17:57:53.692322+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "0e6734b6-1fe1-4962-990e-a6e74a7c6ab2", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "787c6576-5d5c-4b5d-be7a-f6fa691d2600", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"SubstrateSearch-Internal.ReadWrite\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 80, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Search Service", "resourceId": "66a88757-258c-4c72-893c-3e8bed4d6899", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:57:53.692322+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "dmV8eFxdXUu-evb6aR0mAA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "cc587bd6-69dc-4cdd-b7ef-055396315e07", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T17:59:51.3064245Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "50140", "resultSignature": "None", "resultDescription": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "bc4bb84e-dc39-abd3-cc83-d26c3920c797", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "7bc09906-fb5c-4b33-8f89-eee3898b3600", "createdDateTime": "2023-10-31T17:56:41.2641712+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "120.1.121.35", "status": {"errorCode": 50140, "failureReason": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "additionalDetails": "MFA completed in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 118.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {"authMethod": "Mobile app notification"}, "correlationId": "bc4bb84e-dc39-abd3-cc83-d26c3920c797", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "7bc09906-fb5c-4b33-8f89-eee3898b3600", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Login Hint Present", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 106, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Exchange Online", "resourceId": "00000002-0000-0ff1-ce00-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:56:41.2641712+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-31T17:56:40+00:00", "authenticationMethod": "Mobile app notification", "succeeded": true, "authenticationStepResultDetail": "MFA successfully completed", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 1698775000801, "RequestSequence": 1698774991492}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "BpnAe1z7M0uPie7jiYs2AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "8429eb5c-faeb-4ade-8eac-acc003790769", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T17:59:42.1068644Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "50140", "resultSignature": "None", "resultDescription": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "bc4bb84e-dc39-abd3-cc83-d26c3920c797", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "7bc09906-fb5c-4b33-8f89-eee3898b3600", "createdDateTime": "2023-10-31T17:56:41.2641712+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "120.1.121.35", "status": {"errorCode": 50140, "failureReason": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "additionalDetails": "MFA completed in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 118.0.0"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {"authMethod": "Mobile app notification"}, "correlationId": "bc4bb84e-dc39-abd3-cc83-d26c3920c797", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "7bc09906-fb5c-4b33-8f89-eee3898b3600", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Login Hint Present", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 106, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Exchange Online", "resourceId": "00000002-0000-0ff1-ce00-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:56:41.2641712+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-10-31T17:56:32+00:00", "authenticationMethod": "Mobile app notification", "succeeded": false, "authenticationStepResultDetail": "Authentication in progress", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1698774991492}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user15@splunkresearch.onmicrosoft.com", "signInIdentifier": "user15@splunkresearch.onmicrosoft.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "BpnAe1z7M0uPie7jiYs2AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "8429eb5c-faeb-4ade-8eac-acc003790769", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T17:59:33.0672461Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "542efcb1-8e1e-4e3c-a098-c400b6c9d016", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "8187d4b8-c15b-4cc3-b54f-17ffe3632700", "createdDateTime": "2023-10-31T17:57:03.8990034+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "542efcb1-8e1e-4e3c-a098-c400b6c9d016", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "8187d4b8-c15b-4cc3-b54f-17ffe3632700", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"user_impersonation\",\"CompliancePolicy-Internal.ReadWrite\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 116, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Exchange Online Protection", "resourceId": "00000007-0000-0ff1-ce00-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:57:03.8990034+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "uNSHgVvBw0y1Txf_42MnAA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "7b986e47-2845-4831-82ad-1f787088b596", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T17:59:21.8996162Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "a28d1189-6766-4144-8c6a-5d95d67c07a9", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "560468df-22d8-4306-b01f-cb687c0f3d00", "createdDateTime": "2023-10-31T17:56:51.2299121+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "a28d1189-6766-4144-8c6a-5d95d67c07a9", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "560468df-22d8-4306-b01f-cb687c0f3d00", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"Analytics.ReadWrite\",\"Calendars.ReadWrite\",\"Calendars.ReadWrite.Shared\",\"Channel.Create\",\"Channel.ReadBasic.All\",\"ChannelMember.Read.All\",\"ChannelMember.ReadWrite.All\",\"ChannelMessage.Read.All\",\"Chat.Read\",\"Chat.ReadWrite\",\"Contacts.ReadWrite\",\"Contacts.ReadWrite.Shared\",\"EAS.AccessAsUser.All\",\"Files.Read\",\"Files.ReadWrite\",\"Files.ReadWrite.All\",\"Group.ReadWrite.All\",\"Locations-Internal.ReadWrite\",\"Mail.ReadWrite\",\"Mail.ReadWrite.All\",\"Mail.ReadWrite.Shared\",\"Mail.Send\",\"Mail.Send.Shared\",\"MailboxSettings.ReadWrite\",\"Notes.Read\",\"Notes.ReadWrite\",\"Notes-Internal.ReadWrite\",\"OfficeFeed-Internal.ReadWrite\",\"OnlineMeetings.ReadWrite\",\"OutlookService.AccessAsUser.All\",\"OWA.AccessAsUser.All\",\"People.Read\",\"People.ReadWrite\",\"PeoplePredictions-Internal.Read\",\"Place.Read.All\",\"Place.ReadWrite.All\",\"Signals.Read\",\"Signals.ReadWrite\",\"Signals-Internal.Read.Shared\",\"SubstrateSearch-Internal.ReadWrite\",\"Tags.ReadWrite\",\"TailoredExperiences-Internal.ReadWrite\",\"Tasks.ReadWrite\",\"Tasks.ReadWrite.Shared\",\"Team.ReadBasic.All\",\"Todo-Internal.ReadWrite\",\"User.Read.All\",\"User.ReadBasic\",\"User.ReadBasic.All\",\"User.ReadWrite\",\"user_impersonation\",\"User-Internal.ReadWrite\",\"Calendars-Internal.ReadWrite\",\"Collab-Internal.ReadWrite\",\"DWEngine-Internal.Read\",\"Files.ReadWrite.Shared\",\"FocusedInbox-Internal.ReadWrite\",\"Premium-Internal.ReadWrite\",\"Privilege.OpenAsSystem\",\"Signals-Internal.ReadWrite.Shared\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 126, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Exchange Online", "resourceId": "00000002-0000-0ff1-ce00-000000000000", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:56:51.2299121+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "32gEVtgiBkOwH8tofA89AA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "8429eb5c-faeb-4ade-8eac-acc003790769", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T17:59:20.8115964Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "User registered security info", "operationVersion": "1.0", "category": "AuditLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "None", "resultDescription": "User registered Mobile Phone SMS", "durationMs": 0, "callerIpAddress": "20.88.236.60", "correlationId": "367f5194-766b-4e14-875b-5ad45de67a37", "Level": 4, "properties": {"id": "IAMUX_367f5194-766b-4e14-875b-5ad45de67a37_J8NVB_149335507", "category": "UserManagement", "correlationId": "367f5194-766b-4e14-875b-5ad45de67a37", "result": "success", "resultReason": "User registered Mobile Phone SMS", "activityDisplayName": "User registered security info", "activityDateTime": "2023-10-31T17:59:20.8115964+00:00", "loggedByService": "Authentication Methods", "operationType": "Add", "userAgent": null, "initiatedBy": {"user": {"id": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "displayName": null, "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "ipAddress": "20.88.236.60", "roles": []}}, "targetResources": [{"id": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "displayName": "user15", "type": "User", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "modifiedProperties": [], "administrativeUnits": []}], "additionalDetails": []}} {"time": "2023-10-31T17:59:20.6769492Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Update user", "operationVersion": "1.0", "category": "AuditLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "None", "durationMs": 0, "correlationId": "2e72d1f2-c589-4563-a245-ba532ff87a0b", "Level": 4, "properties": {"id": "Directory_2e72d1f2-c589-4563-a245-ba532ff87a0b_T3XTQ_122341932", "category": "UserManagement", "correlationId": "2e72d1f2-c589-4563-a245-ba532ff87a0b", "result": "success", "resultReason": "", "activityDisplayName": "Update user", "activityDateTime": "2023-10-31T17:59:20.6769492+00:00", "loggedByService": "Core Directory", "operationType": "Update", "userAgent": null, "initiatedBy": {"user": {"id": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "displayName": null, "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "ipAddress": "", "roles": []}}, "targetResources": [{"id": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "displayName": null, "type": "User", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "modifiedProperties": [{"displayName": "StrongAuthenticationMethod", "oldValue": "[{\"MethodType\":6,\"Default\":true},{\"MethodType\":7,\"Default\":false}]", "newValue": "[{\"MethodType\":7,\"Default\":false},{\"MethodType\":6,\"Default\":true},{\"MethodType\":0,\"Default\":false},{\"MethodType\":5,\"Default\":false}]"}, {"displayName": "Included Updated Properties", "oldValue": null, "newValue": "\"StrongAuthenticationMethod\""}, {"displayName": "TargetId.UserType", "oldValue": null, "newValue": "\"Member\""}], "administrativeUnits": []}], "additionalDetails": [{"key": "UserType", "value": "Member"}]}} {"time": "2023-10-31T17:59:20.0404598Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Update user", "operationVersion": "1.0", "category": "AuditLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "13.88.130.66", "correlationId": "6de4c538-7550-4bd3-9c9c-f304b3a300a4", "identity": "Microsoft App Access Panel", "Level": 4, "properties": {"id": "Directory_6de4c538-7550-4bd3-9c9c-f304b3a300a4_URO60_286277025", "category": "UserManagement", "correlationId": "6de4c538-7550-4bd3-9c9c-f304b3a300a4", "result": "success", "resultReason": "", "activityDisplayName": "Update user", "activityDateTime": "2023-10-31T17:59:20.0404598+00:00", "loggedByService": "Core Directory", "operationType": "Update", "userAgent": null, "initiatedBy": {"app": {"appId": null, "displayName": "Microsoft App Access Panel", "servicePrincipalId": "36d3537c-8bd8-4aef-8088-699ece69e2c6", "servicePrincipalName": null}}, "targetResources": [{"id": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "displayName": null, "type": "User", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "modifiedProperties": [{"displayName": "Included Updated Properties", "oldValue": null, "newValue": "\"\""}, {"displayName": "TargetId.UserType", "oldValue": null, "newValue": "\"Member\""}], "administrativeUnits": []}], "additionalDetails": [{"key": "UserType", "value": "Member"}, {"key": "User-Agent", "value": "Microsoft ADO.NET Data Services"}]}} {"time": "2023-10-31T17:59:15.3306533Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Update user", "operationVersion": "1.0", "category": "AuditLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "None", "durationMs": 0, "correlationId": "ae1ae264-616e-4906-ab7a-f3337bb2215a", "Level": 4, "properties": {"id": "Directory_ae1ae264-616e-4906-ab7a-f3337bb2215a_L334O_150284", "category": "UserManagement", "correlationId": "ae1ae264-616e-4906-ab7a-f3337bb2215a", "result": "success", "resultReason": "", "activityDisplayName": "Update user", "activityDateTime": "2023-10-31T17:59:15.3306533+00:00", "loggedByService": "Core Directory", "operationType": "Update", "userAgent": null, "initiatedBy": {"user": {"id": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "displayName": null, "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "ipAddress": "", "roles": []}}, "targetResources": [{"id": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "displayName": null, "type": "User", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "modifiedProperties": [{"displayName": "StrongAuthenticationUserDetails", "oldValue": "[{\"PhoneNumber\":null,\"AlternativePhoneNumber\":null,\"Email\":null,\"VoiceOnlyPhoneNumber\":null}]", "newValue": "[{\"PhoneNumber\":\"+1 3071234321\",\"AlternativePhoneNumber\":null,\"Email\":null,\"VoiceOnlyPhoneNumber\":null}]"}, {"displayName": "Included Updated Properties", "oldValue": null, "newValue": "\"StrongAuthenticationUserDetails\""}, {"displayName": "TargetId.UserType", "oldValue": null, "newValue": "\"Member\""}], "administrativeUnits": []}], "additionalDetails": [{"key": "UserType", "value": "Member"}]}} {"time": "2023-10-31T17:59:08.2097282Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "fc527ba9-c1ab-405f-ab59-43c28142c5ae", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "094ab1be-df20-4c3f-8832-819ac1663500", "createdDateTime": "2023-10-31T17:57:54.1463342+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "fc527ba9-c1ab-405f-ab59-43c28142c5ae", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "094ab1be-df20-4c3f-8832-819ac1663500", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"Connectors.AdaptiveCards.Actions\",\"user_impersonation\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 179, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Connectors", "resourceId": "48af08dc-f6d2-435f-b2a7-069abd99c086", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:57:54.1463342+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "vrFKCSDfP0yIMoGawWY1AA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "0ba1bf1b-4b5c-48f8-89ac-29ddb384ad34", "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T17:59:05.1092727Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "120.1.121.35", "correlationId": "8efb94a7-db1c-4130-913a-7c0895468065", "identity": "user15", "Level": 4, "location": "US", "properties": {"id": "787c6576-5d5c-4b5d-be7a-f6fa030a2600", "createdDateTime": "2023-10-31T17:56:49.4906399+00:00", "userDisplayName": "user15", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "userId": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "120.1.121.35", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs"}, "location": {"city": "Ohio", "state": "Ohio", "countryOrRegion": "US", "geoCoordinates": {"latitude": 65.75616073608398, "longitude": -48.996978759765625}}, "mfaDetail": {}, "correlationId": "8efb94a7-db1c-4130-913a-7c0895468065", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "787c6576-5d5c-4b5d-be7a-f6fa030a2600", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"AugLoop.All\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 114, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Augmentation Loop", "resourceId": "4354e225-50c9-4423-9ece-2d5afd904870", "resourceTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "homeTenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "authenticationDetails": [{"authenticationStepDateTime": "2023-10-31T17:56:49.4906399+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "dmV8eFxdXUu-evb6AwomAA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": null, "rngcStatus": 0, "signInTokenProtectionStatus": "none", "originalTransferMethod": "none"}} {"time": "2023-10-31T17:59:00.5319294Z", "resourceId": "/tenants/75243ab2-44f8-435c-a7a6-b479385df6d4/providers/Microsoft.aadiam", "operationName": "User started security info registration", "operationVersion": "1.0", "category": "AuditLogs", "tenantId": "75243ab2-44f8-435c-a7a6-b479385df6d4", "resultSignature": "None", "resultDescription": "User started the registration for Mobile Phone SMS", "durationMs": 0, "callerIpAddress": "52.152.97.169", "correlationId": "2805c526-b1e8-4eb2-a32a-9a803f202786", "Level": 4, "properties": {"id": "IAMUX_2805c526-b1e8-4eb2-a32a-9a803f202786_W1N4D_105387921", "category": "UserManagement", "correlationId": "2805c526-b1e8-4eb2-a32a-9a803f202786", "result": "success", "resultReason": "User started the registration for Mobile Phone SMS", "activityDisplayName": "User started security info registration", "activityDateTime": "2023-10-31T17:59:00.5319294+00:00", "loggedByService": "Authentication Methods", "operationType": "Add", "userAgent": null, "initiatedBy": {"user": {"id": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "displayName": null, "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "ipAddress": "52.152.97.169", "roles": []}}, "targetResources": [{"id": "57e4bd36-9722-4a4a-9729-7203d8e00b72", "displayName": "user15", "type": "User", "userPrincipalName": "user15@splunkresearch.onmicrosoft.com", "modifiedProperties": [], "administrativeUnits": []}], "additionalDetails": []}}