{"time": "2023-08-03T22:00:48.7263711Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "34.219.97.19", "correlationId": "a00c2ce3-c6e1-4f7b-a1c2-0ace91bdb120", "Level": 4, "location": "US", "properties": {"id": "9941ef48-395d-4ffc-abf9-ad16dfab7d00", "createdDateTime": "2023-08-03T21:59:14.3460808+00:00", "userId": null, "appId": "314aed90-58e5-4022-8cd0-2264893d8cb8", "ipAddress": "34.219.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.83599853515625, "longitude": -119.6989974975586}}, "correlationId": "a00c2ce3-c6e1-4f7b-a1c2-0ace91bdb120", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": "Family: ADAL Library: ADAL.Python 1.2.7 Platform: Python"}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "servicePrincipalName": "fonder-splunk", "servicePrincipalId": "3a84d8e7-5ff1-4d01-89c4-ee5e2e8f9a5a", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "76d6d721-c4c0-4a83-8bbe-2e09793f7be0", "uniqueTokenIdentifier": "SO9BmV05_E-r-a0W36t9AA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9"}}
{"time": "2023-08-03T22:00:00.9987071Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "34.219.97.19", "correlationId": "716eb6e5-8296-44bd-b6b7-98c34f5d15b5", "Level": 4, "location": "US", "properties": {"id": "366fa241-f173-438e-909e-26d5edd6a500", "createdDateTime": "2023-08-03T21:58:45.6686888+00:00", "userId": null, "appId": "314aed90-58e5-4022-8cd0-2264893d8cb8", "ipAddress": "34.219.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.83599853515625, "longitude": -119.6989974975586}}, "correlationId": "716eb6e5-8296-44bd-b6b7-98c34f5d15b5", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "fonder-splunk", "servicePrincipalId": "3a84d8e7-5ff1-4d01-89c4-ee5e2e8f9a5a", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "10273396-3b8c-4322-a311-ab81de4b69d0", "uniqueTokenIdentifier": "QaJvNnPxjkOQnibV7dalAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "333b3653-e622-4b8a-a55c-b67d878113db"}}
{"time": "2023-08-03T21:59:28.5938286Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "4.4.4.4", "correlationId": "40c74971-956a-4931-809f-b05414298ab6", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "7936f882-4e3c-4ee0-900a-ced0898c2e00", "createdDateTime": "2023-08-03T21:57:17.1594021+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "d3590ed6-52b3-4102-aeff-aad2292ab01c", "appDisplayName": "Microsoft Office", "ipAddress": "4.4.4.4", "status": {"errorCode": 0}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows", "browser": "Firefox 115.0"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "correlationId": "40c74971-956a-4931-809f-b05414298ab6", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "7936f882-4e3c-4ee0-900a-ced0898c2e00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 315, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "alternateSignInName": "Donald.Reed@splunkresearch.com", "signInIdentifier": "Donald.Reed@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "gvg2eTxO4E6QCs7QiYwuAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "deviceCode", "appServicePrincipalId": null, "resourceServicePrincipalId": "333b3653-e622-4b8a-a55c-b67d878113db", "rngcStatus": 0}}
{"time": "2023-08-03T21:59:16.1732814Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "50072", "resultSignature": "None", "resultDescription": "Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access the tenant.", "durationMs": 0, "callerIpAddress": "4.4.4.4", "correlationId": "40c74971-956a-4931-809f-b05414298ab6", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "b7a0b72e-b9d0-489b-8af9-c0ed21b6ae00", "createdDateTime": "2023-08-03T21:57:12.2634223+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "d3590ed6-52b3-4102-aeff-aad2292ab01c", "appDisplayName": "Microsoft Office", "ipAddress": "4.4.4.4", "status": {"errorCode": 50072, "failureReason": "Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access the tenant.", "additionalDetails": "MFA required in Azure AD"}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows", "browser": "Firefox 115.0"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "mfaDetail": {}, "correlationId": "40c74971-956a-4931-809f-b05414298ab6", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["MfaRegistration"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "b7a0b72e-b9d0-489b-8af9-c0ed21b6ae00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 80, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-08-03T21:57:12.2634223+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-08-03T21:57:12.2634223+00:00", "succeeded": false, "authenticationStepResultDetail": "MFA required in Azure AD", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "mfaRegistrationRequiredBySecurityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "Lregt9C5m0iK-cDtIbauAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "333b3653-e622-4b8a-a55c-b67d878113db", "rngcStatus": 0}}
{"time": "2023-08-03T21:59:12.4439616Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "correlationId": "58eb65ab-823a-4059-85c1-b0675b60fe84", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "93bc5844-502f-42c4-9c07-bad89ea72100", "createdDateTime": "2023-08-03T21:55:37.2721179+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "4765445b-32c6-49b0-83e6-1d93765276ca", "appDisplayName": "OfficeHome", "ipAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "status": {"errorCode": 0}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.54.1.0"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "correlationId": "58eb65ab-823a-4059-85c1-b0675b60fe84", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "93bc5844-502f-42c4-9c07-bad89ea72100", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"OfficeHome.All\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 92, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "OfficeHome", "resourceId": "4765445b-32c6-49b0-83e6-1d93765276ca", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "RFi8ky9QxEKcB7rYnqchAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": null, "rngcStatus": 0}}
{"time": "2023-08-03T21:59:03.4113258Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "34.219.97.19", "correlationId": "a2af759c-541c-4803-ba78-e0b055ba66b9", "Level": 4, "location": "US", "properties": {"id": "65d83ad1-0343-4826-a033-aff1e7a49800", "createdDateTime": "2023-08-03T21:56:45.953504+00:00", "userId": null, "appId": "314aed90-58e5-4022-8cd0-2264893d8cb8", "ipAddress": "34.219.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.83599853515625, "longitude": -119.6989974975586}}, "correlationId": "a2af759c-541c-4803-ba78-e0b055ba66b9", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "fonder-splunk", "servicePrincipalId": "3a84d8e7-5ff1-4d01-89c4-ee5e2e8f9a5a", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "10273396-3b8c-4322-a311-ab81de4b69d0", "uniqueTokenIdentifier": "0TrYZUMDJkigM6_x56SYAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "333b3653-e622-4b8a-a55c-b67d878113db"}}
{"time": "2023-08-03T21:58:51.5568787Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "4.4.4.4", "correlationId": "40c74971-956a-4931-809f-b05414298ab6", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "f1149036-e2e4-48ca-aba4-e6d742edbc00", "createdDateTime": "2023-08-03T21:57:20.3989808+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "d3590ed6-52b3-4102-aeff-aad2292ab01c", "appDisplayName": "Microsoft Office", "ipAddress": "4.4.4.4", "status": {"errorCode": 0}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows10", "browser": "Edge 18.19042"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "correlationId": "40c74971-956a-4931-809f-b05414298ab6", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "f1149036-e2e4-48ca-aba4-e6d742edbc00", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"AuditLog.Read.All\",\"Calendar.ReadWrite\",\"Calendars.Read.Shared\",\"Calendars.ReadWrite\",\"Contacts.ReadWrite\",\"DataLossPreventionPolicy.Evaluate\",\"Directory.AccessAsUser.All\",\"Directory.Read.All\",\"Files.Read\",\"Files.Read.All\",\"Files.ReadWrite.All\",\"Group.Read.All\",\"Group.ReadWrite.All\",\"InformationProtectionPolicy.Read\",\"Mail.ReadWrite\",\"Notes.Create\",\"Organization.Read.All\",\"People.Read\",\"People.Read.All\",\"PrintJob.ReadWriteBasic\",\"SensitiveInfoType.Detect\",\"SensitiveInfoType.Read.All\",\"SensitivityLabel.Evaluate\",\"Tasks.ReadWrite\",\"TeamMember.ReadWrite.All\",\"TeamsTab.ReadWriteForChat\",\"User.Read.All\",\"User.ReadBasic.All\",\"User.ReadWrite\",\"Users.Read\",\"Printer.Read.All\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 242, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "alternateSignInName": "Donald.Reed@splunkresearch.com", "signInIdentifier": "Donald.Reed@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "NpAU8eTiykirpObXQu28AA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "333b3653-e622-4b8a-a55c-b67d878113db", "rngcStatus": 0}}
{"time": "2023-08-03T21:58:51.2223616Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "50199", "resultSignature": "None", "resultDescription": "Other", "durationMs": 0, "callerIpAddress": "4.4.4.4", "correlationId": "40c74971-956a-4931-809f-b05414298ab6", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "c2bac0db-309b-44f9-8f82-4f9a99306e00", "createdDateTime": "2023-08-03T21:57:14.9294357+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "d3590ed6-52b3-4102-aeff-aad2292ab01c", "appDisplayName": "Microsoft Office", "ipAddress": "4.4.4.4", "status": {"errorCode": 50199, "failureReason": "Other"}, "clientAppUsed": "Mobile Apps and Desktop clients", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0", "deviceDetail": {"deviceId": "", "operatingSystem": "Windows", "browser": "Firefox 115.0"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "correlationId": "40c74971-956a-4931-809f-b05414298ab6", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "c2bac0db-309b-44f9-8f82-4f9a99306e00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 121, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "alternateSignInName": "Donald.Reed@splunkresearch.com", "signInIdentifier": "Donald.Reed@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "28C6wpsw-USPgk-amTBuAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "333b3653-e622-4b8a-a55c-b67d878113db", "rngcStatus": 0}}
{"time": "2023-08-03T21:58:36.8442554Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "ServicePrincipalSignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "34.219.97.19", "correlationId": "240d9b7b-57a4-4abe-9b62-85f025328998", "Level": 4, "location": "US", "properties": {"id": "366fa241-f173-438e-909e-26d581cca500", "createdDateTime": "2023-08-03T21:57:45.5791127+00:00", "userId": null, "appId": "314aed90-58e5-4022-8cd0-2264893d8cb8", "ipAddress": "34.219.97.19", "status": {"errorCode": 0}, "location": {"city": "Boardman", "state": "Oregon", "countryOrRegion": "US", "geoCoordinates": {"latitude": 45.83599853515625, "longitude": -119.6989974975586}}, "correlationId": "240d9b7b-57a4-4abe-9b62-85f025328998", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "isInteractive": false, "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Azure AD App Authentication Library", "value": ""}], "clientCredentialType": "none", "processingTimeInMilliseconds": 0, "riskDetail": "none", "riskLevelAggregated": "low", "riskLevelDuringSignIn": "low", "riskState": "none", "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "servicePrincipalName": "fonder-splunk", "servicePrincipalId": "3a84d8e7-5ff1-4d01-89c4-ee5e2e8f9a5a", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "servicePrincipalCredentialKeyId": "10273396-3b8c-4322-a311-ab81de4b69d0", "uniqueTokenIdentifier": "QaJvNnPxjkOQnibVgcylAA", "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "333b3653-e622-4b8a-a55c-b67d878113db"}}
{"time": "2023-08-03T21:58:13.9233845Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "correlationId": "007edcb9-6cd9-4cb9-a8c2-48a384202beb", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "c37703f0-3035-4016-ab24-e5f7ec82ba00", "createdDateTime": "2023-08-03T21:55:37.598056+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "4765445b-32c6-49b0-83e6-1d93765276ca", "appDisplayName": "OfficeHome", "ipAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "status": {"errorCode": 0}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.54.1.0"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "correlationId": "007edcb9-6cd9-4cb9-a8c2-48a384202beb", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "c37703f0-3035-4016-ab24-e5f7ec82ba00", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"ActivityFeed-Internal.ReadWrite\",\"Files.Read\",\"Files.ReadWrite\",\"Group.ReadWrite.All\",\"Notes.ReadWrite\",\"OfficeFeed-Internal.ReadWrite\",\"PeoplePredictions-Internal.Read\",\"RoamingUserSettings.ReadWrite\",\"SubstrateSearch-Internal.ReadWrite\",\"Files.ReadWrite.Shared\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 60, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Office 365 Exchange Microservices", "resourceId": "ec156f81-f23a-47bd-b16f-9fb2c66420f9", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "8AN3wzUwFkCrJOX37IK6AA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": null, "rngcStatus": 0}}
{"time": "2023-08-03T21:58:12.6366496Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "correlationId": "5c250703-cb56-4c08-9346-61d33ac52553", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "fade8ad6-18cb-4af3-b653-91f630ab0d00", "createdDateTime": "2023-08-03T21:55:40.1779364+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "4765445b-32c6-49b0-83e6-1d93765276ca", "appDisplayName": "OfficeHome", "ipAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "status": {"errorCode": 0}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.54.1.0"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "correlationId": "5c250703-cb56-4c08-9346-61d33ac52553", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "fade8ad6-18cb-4af3-b653-91f630ab0d00", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"User.Read\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 63, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Office 365 Portal", "resourceId": "00000006-0000-0ff1-ce00-000000000000", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "1ore-ssY80q2U5H2MKsNAA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "79a4eaf1-dfc5-4e45-967c-23a579c6eb57", "rngcStatus": 0}}
{"time": "2023-08-03T21:58:06.8285031Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "correlationId": "f4f767db-a445-4d38-b287-5a548394c2e7", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "f1576e21-ffcb-4c85-a540-1f1fd9701300", "createdDateTime": "2023-08-03T21:55:40.7045416+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "appDisplayName": "Office365 Shell WCSS-Client", "ipAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "status": {"errorCode": 0}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Firefox 115.0"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "correlationId": "f4f767db-a445-4d38-b287-5a548394c2e7", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "f1576e21-ffcb-4c85-a540-1f1fd9701300", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"email\",\"Files.ReadWrite\",\"openid\",\"profile\",\"User.ReadWrite\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 57, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "IW5X8cv_hUylQB8f2XATAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "333b3653-e622-4b8a-a55c-b67d878113db", "rngcStatus": 0}}
{"time": "2023-08-03T21:58:06.6761367Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "correlationId": "e9eca97b-614a-489d-a8f0-8d55c86f40ab", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "1c09883e-bd81-4223-8883-01e762422b00", "createdDateTime": "2023-08-03T21:55:40.2034252+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", "appDisplayName": "Office365 Shell WCSS-Client", "ipAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "status": {"errorCode": 0}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Firefox 115.0"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "correlationId": "e9eca97b-614a-489d-a8f0-8d55c86f40ab", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "1c09883e-bd81-4223-8883-01e762422b00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Login Hint Present", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 55, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Graph", "resourceId": "00000003-0000-0000-c000-000000000000", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-08-03T21:55:40.2034252+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "PogJHIG9I0KIgwHnYkIrAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "333b3653-e622-4b8a-a55c-b67d878113db", "rngcStatus": 0}}
{"time": "2023-08-03T21:58:06.3128631Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "correlationId": "8dbfd4c7-b2e9-4a04-b0e7-5059966d6dc8", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "f1576e21-ffcb-4c85-a540-1f1fae701300", "createdDateTime": "2023-08-03T21:55:40.0057464+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "00000006-0000-0ff1-ce00-000000000000", "appDisplayName": "Microsoft Office 365 Portal", "ipAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "status": {"errorCode": 0}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Firefox 115.0"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "correlationId": "8dbfd4c7-b2e9-4a04-b0e7-5059966d6dc8", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "f1576e21-ffcb-4c85-a540-1f1fae701300", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Login Hint Present", "value": "True"}, {"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 66, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Active Directory", "resourceId": "00000002-0000-0000-c000-000000000000", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-08-03T21:55:40.0057464+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "IW5X8cv_hUylQB8frnATAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "4d6bd7de-c9bc-45cc-b8ec-ae315f66bf77", "rngcStatus": 0}}
{"time": "2023-08-03T21:58:06.2284810Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "correlationId": "3bee47d0-bb40-417b-8f30-cf18d8d521d3", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "d3528a1a-69ed-44aa-a58e-395c101f8200", "createdDateTime": "2023-08-03T21:55:38.2081382+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "e8be65d6-d430-4289-a665-51bf2a194bda", "appDisplayName": "Microsoft 365 App Catalog Services", "ipAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "status": {"errorCode": 0}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.54.1.0"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "correlationId": "3bee47d0-bb40-417b-8f30-cf18d8d521d3", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "d3528a1a-69ed-44aa-a58e-395c101f8200", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"Region.ReadWrite\",\"Apps.Read\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 122, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Teams Services", "resourceId": "cc15fd57-2c6c-4117-a88c-83b1d56b4bbe", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "GopS0-1pqkSljjlcEB-CAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "452f8cff-a0bf-4fe5-9c50-cbc9e7f5f1ad", "rngcStatus": 0}}
{"time": "2023-08-03T21:58:05.1153063Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "NonInteractiveUserSignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "0", "resultSignature": "None", "durationMs": 0, "callerIpAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "correlationId": "250af263-ee59-4857-b301-1fcab5a52501", "identity": "Donald.Reed", "Level": 4, "location": "PE", "properties": {"id": "a33ff845-654f-4a3a-8340-5606fe539300", "createdDateTime": "2023-08-03T21:55:37.6149352+00:00", "userDisplayName": "Donald.Reed", "userPrincipalName": "donald.reed@splunkresearch.com", "userId": "7ed76d05-0524-406d-aedb-9b83defe1db4", "appId": "4765445b-32c6-49b0-83e6-1d93765276ca", "appDisplayName": "OfficeHome", "ipAddress": "2800:200:e6f0:660:dca9:aac6:f979:dd14", "status": {"errorCode": 0}, "clientAppUsed": "Browser", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Rich Client 4.54.1.0"}, "location": {"city": "Portland", "state": "Portland Province", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2.050000190734863, "longitude": -77.05000305175781}}, "correlationId": "250af263-ee59-4857-b301-1fcab5a52501", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": [], "enforcedSessionControls": [], "result": "success", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "a33ff845-654f-4a3a-8340-5606fe539300", "isInteractive": false, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Oauth Scope Info", "value": "[\"User.Read\"]"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 89, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Microsoft Office 365 Portal", "resourceId": "00000006-0000-0ff1-ce00-000000000000", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 12252, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "Rfg_o09lOkqDQFYG_lOTAA", "authenticationStrengths": [], "incomingTokenType": "primaryRefreshToken", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "79a4eaf1-dfc5-4e45-967c-23a579c6eb57", "rngcStatus": 0}}