{"time": "2023-07-27T16:23:09.4188015Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:c574:e749:b4bd:3b02", "correlationId": "be91d455-285d-4623-bc0f-69e610bf1fac", "identity": "tommy", "Level": 4, "location": "US", "properties": {"id": "566404d6-fcb3-43c6-a113-fd8b21650a00", "createdDateTime": "2023-07-27T16:20:06.7916052+00:00", "userDisplayName": "tommy", "userPrincipalName": "tommyr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:c574:e749:b4bd:3b02", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 37.3306884765625, "longitude": -121.83946228027344}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "be91d455-285d-4623-bc0f-69e610bf1fac", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "566404d6-fcb3-43c6-a113-fd8b21650a00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 118, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-27T16:20:06.7916052+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": false, "authenticationStepResultDetail": "Authentication failed during strong authentication request.", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-27T16:20:06.7916052+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "tommyr@splunkresearch.com", "signInIdentifier": "tommyr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "1gRkVrP8xkOhE_2LIWUKAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}} {"time": "2023-07-27T16:22:59.5702518Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:c574:e749:b4bd:3b02", "correlationId": "be91d455-285d-4623-bc0f-69e610bf1fac", "identity": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "Level": 4, "properties": {"id": "566404d6-fcb3-43c6-a113-fd8b21650a00", "createdDateTime": "2023-07-27T16:20:10.8782981+00:00", "userDisplayName": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "userPrincipalName": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:c574:e749:b4bd:3b02", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request."}, "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "OSX", "browser": "Chrome 114.0.0"}, "location": {"geoCoordinates": {}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "be91d455-285d-4623-bc0f-69e610bf1fac", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [], "authenticationContextClassReferences": [], "originalRequestId": "566404d6-fcb3-43c6-a113-fd8b21650a00", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 368, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [], "authenticationRequirementPolicies": [], "sessionLifetimePolicies": [], "authenticationRequirement": "singleFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "1gRkVrP8xkOhE_2LIWUKAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": null, "rngcStatus": 0}}