{"time": "2023-01-24T23:15:19.2289311Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "35.1.2.153", "correlationId": "2a0a0eeb-1ded-4d8c-a7a7-4a2d0b2bec37", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "3bd2014b-41aa-46a0-a421-18c11b530e00", "createdDateTime": "2023-01-24T23:15:19.2289311+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "35.1.2.153", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows 10", "browser": "Firefox 108.0"}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.83599853515625, "longitude": -119.6989974975586}}, "mfaDetail": {}, "correlationId": "2a0a0eeb-1ded-4d8c-a7a7-4a2d0b2bec37", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "3bd2014b-41aa-46a0-a421-18c11b530e00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 246, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:15:19.2289311+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}, {"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user30@splunkresearch.com", "signInIdentifier": "user30@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 16509, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "SwHSO6pBoEakIRjBG1MOAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-01-24T23:14:46.0372260Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "50.1.2.43", "correlationId": "eaa62f39-5610-c2d1-8a75-b6b43aae773a", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "0a020737-6658-4839-828a-6907e07c1200", "createdDateTime": "2023-01-24T23:14:46.037226+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "00000002-0000-0ff1-ce00-000000000000", "appDisplayName": "Office 365 Exchange Online", "ipAddress": "50.1.2.43", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 108.0.0"}, "location": {"city": "Buffalo", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 40.760379791259766, "longitude": -73.99726867675781}}, "mfaDetail": {}, "correlationId": "eaa62f39-5610-c2d1-8a75-b6b43aae773a", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "0a020737-6658-4839-828a-6907e07c1200", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Domain Hint Present", "value": "True"}, {"key": "Login Hint Present", "value": "True"}, {"key": "Is Client Capable", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "True"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 74, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Exchange Online", "resourceId": "00000002-0000-0ff1-ce00-000000000000", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:14:46.037226+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-01-24T23:14:46.037226+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "NwcCClhmOUiCimkH4HwSAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "7c47c9f0-d6ae-4c7f-b7e3-fddf259bf009", "rngcStatus": 0}}
{"time": "2023-01-24T23:14:44.6343318Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "50.1.2.43", "correlationId": "5ddf1ee9-b0ab-4d20-9711-77d6da8ee698", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "a5cc359c-5f0d-4378-b00e-bb9c31410600", "createdDateTime": "2023-01-24T23:14:44.6343318+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "appDisplayName": "Office365 Shell WCSS-Client", "ipAddress": "50.1.2.43", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 108.0.0"}, "location": {"city": "Buffalo", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 10.36095362524414, "longitude": -73.99759674072266}}, "mfaDetail": {}, "correlationId": "5ddf1ee9-b0ab-4d20-9711-77d6da8ee698", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "a5cc359c-5f0d-4378-b00e-bb9c31410600", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Login Hint Present", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 85, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:14:44.6343318+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-01-24T23:14:44.6343318+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "nDXMpQ1feEOwDrucMUEGAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "333b3653-e622-4b8a-a55c-b67d878113db", "rngcStatus": 0}}
{"time": "2023-01-24T23:14:44.5945595Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "50.1.2.43", "correlationId": "28234f41-b0e9-49f0-8791-8a9626586a66", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "07ba901e-3c27-4202-a35a-f959a7b11000", "createdDateTime": "2023-01-24T23:14:44.5945595+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "appDisplayName": "Office365 Shell WCSS-Client", "ipAddress": "50.1.2.43", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 108.0.0"}, "location": {"city": "Buffalo", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 40.760379791259766, "longitude": -73.99726867675781}}, "mfaDetail": {}, "correlationId": "28234f41-b0e9-49f0-8791-8a9626586a66", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "07ba901e-3c27-4202-a35a-f959a7b11000", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Login Hint Present", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 74, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office365 Shell WCSS-Server", "resourceId": "5f09333a-842c-47da-a157-57da27fcbca5", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:14:44.5945595+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-01-24T23:14:44.5945595+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "HpC6Byc8AkKjWvlZp7EQAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": null, "rngcStatus": 0}}
{"time": "2023-01-24T23:14:44.5524670Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "50.1.2.43", "correlationId": "92eedfa3-4049-4973-9da6-fa9b670680bb", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "f9ec4bc3-4cf1-403a-bac7-39abe4e40200", "createdDateTime": "2023-01-24T23:14:44.552467+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "appDisplayName": "Office365 Shell WCSS-Client", "ipAddress": "50.1.2.43", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 108.0.0"}, "location": {"city": "Buffalo", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 10.36095362524414, "longitude": -73.99759674072266}}, "mfaDetail": {}, "correlationId": "92eedfa3-4049-4973-9da6-fa9b670680bb", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "f9ec4bc3-4cf1-403a-bac7-39abe4e40200", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Login Hint Present", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 125, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:14:44.552467+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-01-24T23:14:44.552467+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "w0vs-fFMOkC6xzmr5OQCAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "333b3653-e622-4b8a-a55c-b67d878113db", "rngcStatus": 0}}
{"time": "2023-01-24T23:14:42.3493074Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "50.1.2.43", "correlationId": "e62d765f-b4d8-484f-9fdd-2832eb48af81", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "f9ec4bc3-4cf1-403a-bac7-39ab79e40200", "createdDateTime": "2023-01-24T23:14:42.3493074+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "4765445b-32c6-49b0-83e6-1d93765276ca", "appDisplayName": "OfficeHome", "ipAddress": "50.1.2.43", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 108.0.0"}, "location": {"city": "Buffalo", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 10.36095362524414, "longitude": -73.99759674072266}}, "mfaDetail": {}, "correlationId": "e62d765f-b4d8-484f-9fdd-2832eb48af81", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "f9ec4bc3-4cf1-403a-bac7-39ab79e40200", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 106, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "OfficeHome", "resourceId": "4765445b-32c6-49b0-83e6-1d93765276ca", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:14:42.3493074+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-01-24T23:14:42.3493074+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "w0vs-fFMOkC6xzmreeQCAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": null, "rngcStatus": 0}}
{"time": "2023-01-24T23:14:36.6935820Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "50.1.2.43", "correlationId": "ce176678-b97a-40b2-a65d-d7ee1ee1a574", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "30cb3e2c-eb91-46c5-8ad7-e3757fb80100", "createdDateTime": "2023-01-24T23:14:36.693582+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "50.1.2.43", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 108.0.0"}, "location": {"city": "Buffalo", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 10.36095362524414, "longitude": -73.99759674072266}}, "mfaDetail": {}, "correlationId": "ce176678-b97a-40b2-a65d-d7ee1ee1a574", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "30cb3e2c-eb91-46c5-8ad7-e3757fb80100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 225, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:14:36.693582+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}, {"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user30@splunkresearch.com", "signInIdentifier": "user30@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "LD7LMJHrxUaK1-N1f7gBAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-01-24T23:14:31.2617575Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "50140", "resultSignature": "None", "resultDescription": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "durationMs": 0, "callerIpAddress": "50.1.2.43", "correlationId": "ce176678-b97a-40b2-a65d-d7ee1ee1a574", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "c1d9bd41-7eec-487e-90c6-a248ea6d0100", "createdDateTime": "2023-01-24T23:14:31.2617575+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "50.1.2.43", "status": {"errorCode": 50140, "failureReason": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "additionalDetails": "MFA completed in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 108.0.0"}, "location": {"city": "Buffalo", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 10.36095362524414, "longitude": -73.99759674072266}}, "mfaDetail": {"authMethod": "Mobile app notification"}, "correlationId": "ce176678-b97a-40b2-a65d-d7ee1ee1a574", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "c1d9bd41-7eec-487e-90c6-a248ea6d0100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 291, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:14:31.2617575+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-01-24T23:14:31.2617575+00:00", "authenticationMethod": "Mobile app notification", "succeeded": true, "authenticationStepResultDetail": "MFA completed in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}, {"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user30@splunkresearch.com", "signInIdentifier": "user30@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "Qb3Zwex-fkiQxqJI6m0BAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-01-24T23:14:31.2617575Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "50140", "resultSignature": "None", "resultDescription": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "durationMs": 0, "callerIpAddress": "50.1.2.43", "correlationId": "ce176678-b97a-40b2-a65d-d7ee1ee1a574", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "c1d9bd41-7eec-487e-90c6-a248ea6d0100", "createdDateTime": "2023-01-24T23:14:31.2617575+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "50.1.2.43", "status": {"errorCode": 50140, "failureReason": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "additionalDetails": "MFA completed in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 108.0.0"}, "location": {"city": "Buffalo", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 10.36095362524414, "longitude": -73.99759674072266}}, "mfaDetail": {"authMethod": "Mobile app notification"}, "correlationId": "ce176678-b97a-40b2-a65d-d7ee1ee1a574", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "c1d9bd41-7eec-487e-90c6-a248ea6d0100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 291, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:14:31.2617575+00:00", "authenticationMethod": "Mobile app notification", "succeeded": true, "authenticationStepResultDetail": "MFA completed in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}, {"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user30@splunkresearch.com", "signInIdentifier": "user30@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "Qb3Zwex-fkiQxqJI6m0BAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-01-24T23:14:31.2617575Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "50140", "resultSignature": "None", "resultDescription": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "durationMs": 0, "callerIpAddress": "50.1.2.43", "correlationId": "ce176678-b97a-40b2-a65d-d7ee1ee1a574", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "c1d9bd41-7eec-487e-90c6-a248ea6d0100", "createdDateTime": "2023-01-24T23:14:31.2617575+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "50.1.2.43", "status": {"errorCode": 50140, "failureReason": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "additionalDetails": "MFA completed in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 108.0.0"}, "location": {"city": "Buffalo", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 10.36095362524414, "longitude": -73.99759674072266}}, "mfaDetail": {"authMethod": "Mobile app notification"}, "correlationId": "ce176678-b97a-40b2-a65d-d7ee1ee1a574", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "c1d9bd41-7eec-487e-90c6-a248ea6d0100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 291, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:14:31.2617575+00:00", "authenticationMethod": "Mobile app notification", "succeeded": true, "authenticationStepResultDetail": "MFA completed in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}, {"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user30@splunkresearch.com", "signInIdentifier": "user30@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "Qb3Zwex-fkiQxqJI6m0BAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-01-24T23:14:02.3580206Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "50.1.2.43", "correlationId": "ce176678-b97a-40b2-a65d-d7ee1ee1a574", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "d111b967-8bc0-4381-ad7c-9cc6b8790f00", "createdDateTime": "2023-01-24T23:14:02.3580206+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "50.1.2.43", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 108.0.0"}, "location": {"city": "Buffalo", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 40.760379791259766, "longitude": -73.99726867675781}}, "mfaDetail": {}, "correlationId": "ce176678-b97a-40b2-a65d-d7ee1ee1a574", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "d111b967-8bc0-4381-ad7c-9cc6b8790f00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 205, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:14:02.3580206+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-01-24T23:14:02.3580206+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}, {"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "Z7kR0cCLgUOtfJzGuHkPAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-01-24T23:13:59.6333567Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "50.1.2.43", "correlationId": "44d49905-b1a6-4cdb-87ad-26d7b867c18e", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "a5bc75cf-d4f2-4b21-817e-8a1a14130500", "createdDateTime": "2023-01-24T23:13:59.6333567+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "4765445b-32c6-49b0-83e6-1d93765276ca", "appDisplayName": "OfficeHome", "ipAddress": "50.1.2.43", "status": {"errorCode": 0, "additionalDetails": "MFA requirement satisfied by claim in the token"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 108.0.0"}, "location": {"city": "Buffalo", "state": "New York", "countryOrRegion": "US", "geoCoordinates": {"latitude": 10.36095362524414, "longitude": -73.99759674072266}}, "mfaDetail": {}, "correlationId": "44d49905-b1a6-4cdb-87ad-26d7b867c18e", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "a5bc75cf-d4f2-4b21-817e-8a1a14130500", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Login Hint Present", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 105, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "OfficeHome", "resourceId": "4765445b-32c6-49b0-83e6-1d93765276ca", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:13:59.6333567+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-01-24T23:13:59.6333567+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "MFA requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12271, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "z3W8pfLUIUuBfooaFBMFAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": null, "rngcStatus": 0}}
{"time": "2023-01-24T23:13:41.5688166Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "50140", "resultSignature": "None", "resultDescription": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "durationMs": 0, "callerIpAddress": "35.1.2.153", "correlationId": "2a0a0eeb-1ded-4d8c-a7a7-4a2d0b2bec37", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "e3dafcf0-2451-4f6f-ba6e-1cc635e47900", "createdDateTime": "2023-01-24T23:13:41.5688166+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "35.1.2.153", "status": {"errorCode": 50140, "failureReason": "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", "additionalDetails": "MFA completed in Azure AD"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows 10", "browser": "Firefox 108.0"}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.73722839355469, "longitude": -119.81143188476562}}, "mfaDetail": {"authMethod": "Mobile app notification"}, "correlationId": "2a0a0eeb-1ded-4d8c-a7a7-4a2d0b2bec37", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "e3dafcf0-2451-4f6f-ba6e-1cc635e47900", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 353, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:13:41.5688166+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-01-24T23:13:41.5688166+00:00", "authenticationMethod": "Mobile app notification", "succeeded": true, "authenticationStepResultDetail": "MFA completed in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}, {"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user30@splunkresearch.com", "signInIdentifier": "user30@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 16509, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "8Pza41Ekb0-6bhzGNeR5AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-01-24T23:13:31.9430219Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "50074", "resultSignature": "None", "resultDescription": "Strong Authentication is required.", "durationMs": 0, "callerIpAddress": "35.1.2.153", "correlationId": "2a0a0eeb-1ded-4d8c-a7a7-4a2d0b2bec37", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "e3dafcf0-2451-4f6f-ba6e-1cc635e47900", "createdDateTime": "2023-01-24T23:13:31.9430219+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "35.1.2.153", "status": {"errorCode": 50074, "failureReason": "Strong Authentication is required.", "additionalDetails": "MFA successfully completed"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows 10", "browser": "Firefox 108.0"}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.73722839355469, "longitude": -119.81143188476562}}, "mfaDetail": {"authMethod": "Mobile app notification"}, "correlationId": "2a0a0eeb-1ded-4d8c-a7a7-4a2d0b2bec37", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "e3dafcf0-2451-4f6f-ba6e-1cc635e47900", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 348, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:13:31.9430219+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-01-24T23:13:31.9430219+00:00", "authenticationMethod": "Mobile app notification", "succeeded": true, "authenticationStepResultDetail": "MFA successfully completed", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}, {"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user30@splunkresearch.com", "signInIdentifier": "user30@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 16509, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "8Pza41Ekb0-6bhzGNeR5AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-01-24T23:13:31.9430219Z", "resourceId": "/tenants/0ca20a0d-3b66-49ed-a69e-babf85484982/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "resultType": "50074", "resultSignature": "None", "resultDescription": "Strong Authentication is required.", "durationMs": 0, "callerIpAddress": "35.1.2.153", "correlationId": "2a0a0eeb-1ded-4d8c-a7a7-4a2d0b2bec37", "identity": "User30", "Level": 4, "location": "US", "properties": {"id": "e3dafcf0-2451-4f6f-ba6e-1cc635e47900", "createdDateTime": "2023-01-24T23:13:31.9430219+00:00", "userDisplayName": "User30", "userPrincipalName": "user30@splunkresearch.com", "userId": "40b61050-e814-4ae5-8ffe-66b6f0c53998", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "35.1.2.153", "status": {"errorCode": 50074, "failureReason": "Strong Authentication is required.", "additionalDetails": "Authentication in progress"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows 10", "browser": "Firefox 108.0"}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.73722839355469, "longitude": -119.81143188476562}}, "mfaDetail": {"authMethod": "Mobile app notification"}, "correlationId": "2a0a0eeb-1ded-4d8c-a7a7-4a2d0b2bec37", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "e3dafcf0-2451-4f6f-ba6e-1cc635e47900", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 348, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "homeTenantId": "0ca20a0d-3b66-49ed-a69e-babf85484982", "authenticationDetails": [{"authenticationStepDateTime": "2023-01-24T23:13:31.9430219+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": true, "authenticationStepResultDetail": "Correct password", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-01-24T23:13:31.9430219+00:00", "authenticationMethod": "Mobile app notification", "succeeded": false, "authenticationStepResultDetail": "Authentication in progress", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "user", "detail": "Per-user MFA"}, {"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "user30@splunkresearch.com", "signInIdentifier": "user30@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 16509, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "8Pza41Ekb0-6bhzGNeR5AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}