{"time": "2023-07-31T22:08:41.5982646Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "createdDateTime": "2023-07-31T22:03:49.1917081+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 79, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "pVyFbQ0M7ESqYbnWk6QRAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:07:14.8215841Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "createdDateTime": "2023-07-31T22:03:49.1917081+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 79, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "pVyFbQ0M7ESqYbnWk6QRAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:06:45.4747937Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "createdDateTime": "2023-07-31T22:03:49.1917081+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 79, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "pVyFbQ0M7ESqYbnWk6QRAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:06:15.4861499Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "createdDateTime": "2023-07-31T22:03:49.1917081+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 79, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "pVyFbQ0M7ESqYbnWk6QRAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:06:13.3607251Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "createdDateTime": "2023-07-31T22:03:49.1917081+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 79, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "pVyFbQ0M7ESqYbnWk6QRAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:06:03.5214067Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "createdDateTime": "2023-07-31T22:03:49.1917081+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 79, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "pVyFbQ0M7ESqYbnWk6QRAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:05:44.8126943Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "createdDateTime": "2023-07-31T22:03:49.1917081+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 79, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "pVyFbQ0M7ESqYbnWk6QRAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:05:44.2136793Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "createdDateTime": "2023-07-31T22:03:49.1917081+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 79, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "pVyFbQ0M7ESqYbnWk6QRAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:05:42.5214886Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "createdDateTime": "2023-07-31T22:03:49.1917081+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "6d855ca5-0c0d-44ec-aa61-b9d693a41100", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 79, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Previously satisfied", "succeeded": true, "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 0}, {"authenticationStepDateTime": "2023-07-31T22:03:49.1917081+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "pVyFbQ0M7ESqYbnWk6QRAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:05:17.4194160Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "7e93d1be-19c9-45a1-ad83-c1b910493300", "createdDateTime": "2023-07-31T22:01:54.6184856+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "7e93d1be-19c9-45a1-ad83-c1b910493300", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 105, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": false, "authenticationStepResultDetail": "Authentication failed during strong authentication request.", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "vtGTfskZoUWtg8G5EEkzAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:05:14.2137774Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "7e93d1be-19c9-45a1-ad83-c1b910493300", "createdDateTime": "2023-07-31T22:01:54.6184856+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "7e93d1be-19c9-45a1-ad83-c1b910493300", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 105, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": false, "authenticationStepResultDetail": "Authentication failed during strong authentication request.", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "vtGTfskZoUWtg8G5EEkzAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:04:14.8393926Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "7e93d1be-19c9-45a1-ad83-c1b910493300", "createdDateTime": "2023-07-31T22:01:54.6184856+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "7e93d1be-19c9-45a1-ad83-c1b910493300", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 105, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": false, "authenticationStepResultDetail": "Authentication failed during strong authentication request.", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "vtGTfskZoUWtg8G5EEkzAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:04:14.6328041Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "7e93d1be-19c9-45a1-ad83-c1b910493300", "createdDateTime": "2023-07-31T22:01:54.6184856+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "7e93d1be-19c9-45a1-ad83-c1b910493300", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 105, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": false, "authenticationStepResultDetail": "Authentication failed during strong authentication request.", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "vtGTfskZoUWtg8G5EEkzAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:04:05.0448095Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "7e93d1be-19c9-45a1-ad83-c1b910493300", "createdDateTime": "2023-07-31T22:01:54.6184856+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "7e93d1be-19c9-45a1-ad83-c1b910493300", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 105, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": false, "authenticationStepResultDetail": "Authentication failed during strong authentication request.", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "vtGTfskZoUWtg8G5EEkzAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:04:01.8775709Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "7e93d1be-19c9-45a1-ad83-c1b910493300", "createdDateTime": "2023-07-31T22:01:54.6184856+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "7e93d1be-19c9-45a1-ad83-c1b910493300", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 105, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": false, "authenticationStepResultDetail": "Authentication failed during strong authentication request.", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "vtGTfskZoUWtg8G5EEkzAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:03:43.2673010Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "7e93d1be-19c9-45a1-ad83-c1b910493300", "createdDateTime": "2023-07-31T22:01:54.6184856+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "7e93d1be-19c9-45a1-ad83-c1b910493300", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 105, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": false, "authenticationStepResultDetail": "Authentication failed during strong authentication request.", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "vtGTfskZoUWtg8G5EEkzAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}
{"time": "2023-07-31T22:03:32.9362997Z", "resourceId": "/tenants/fc69e276-e9e8-4af9-9002-1e410d77244e/providers/Microsoft.aadiam", "operationName": "Sign-in activity", "operationVersion": "1.0", "category": "SignInLogs", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "resultType": "500121", "resultSignature": "None", "resultDescription": "Authentication failed during strong authentication request.", "durationMs": 0, "callerIpAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "identity": "hereiam", "Level": 4, "location": "US", "properties": {"id": "7e93d1be-19c9-45a1-ad83-c1b910493300", "createdDateTime": "2023-07-31T22:01:54.6184856+00:00", "userDisplayName": "hereiam", "userPrincipalName": "hereiamr@splunkresearch.com", "userId": "728989f4-eb3d-45c2-8741-2f2af4e485ce", "appId": "c44b4083-3bb0-49c1-b47d-974e53cbdf3c", "appDisplayName": "Azure Portal", "ipAddress": "2601:646:a000:200:a46d:e5f2:bbbb:aaaa", "status": {"errorCode": 500121, "failureReason": "Authentication failed during strong authentication request.", "additionalDetails": "MFA denied; invalid verification code"}, "clientAppUsed": "Browser", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36", "deviceDetail": {"deviceId": "", "operatingSystem": "MacOs", "browser": "Chrome 114.0.0"}, "location": {"city": "San Jose", "state": "California", "countryOrRegion": "US", "geoCoordinates": {"latitude": 2, "longitude": -1}}, "mfaDetail": {"authMethod": "Text message"}, "correlationId": "7e9dfcbf-efbb-4c50-9bcf-327e46c358fa", "conditionalAccessStatus": "notApplied", "appliedConditionalAccessPolicies": [{"id": "SecurityDefaults", "displayName": "Security Defaults", "enforcedGrantControls": ["Mfa"], "enforcedSessionControls": [], "result": "failure", "conditionsSatisfied": 3, "conditionsNotSatisfied": 0}], "authenticationContextClassReferences": [], "originalRequestId": "7e93d1be-19c9-45a1-ad83-c1b910493300", "isInteractive": true, "tokenIssuerName": "", "tokenIssuerType": "AzureAD", "authenticationProcessingDetails": [{"key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "value": "False"}, {"key": "Is CAE Token", "value": "False"}], "networkLocationDetails": [], "clientCredentialType": "none", "processingTimeInMilliseconds": 105, "riskDetail": "none", "riskLevelAggregated": "none", "riskLevelDuringSignIn": "none", "riskState": "none", "riskEventTypes": [], "riskEventTypes_v2": [], "resourceDisplayName": "Windows Azure Service Management API", "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "homeTenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "tenantId": "fc69e276-e9e8-4af9-9002-1e410d77244e", "authenticationDetails": [{"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Password", "authenticationMethodDetail": "Password in the cloud", "succeeded": false, "authenticationStepResultDetail": "Authentication failed during strong authentication request.", "authenticationStepRequirement": "Primary authentication", "StatusSequence": 0, "RequestSequence": 1}, {"authenticationStepDateTime": "2023-07-31T22:01:54.6184856+00:00", "authenticationMethod": "Text message", "succeeded": false, "authenticationStepResultDetail": "MFA denied; invalid verification code", "authenticationStepRequirement": "Primary authentication"}], "authenticationRequirementPolicies": [{"requirementProvider": "securityDefaults", "detail": "Security Defaults"}], "sessionLifetimePolicies": [], "authenticationRequirement": "multiFactorAuthentication", "alternateSignInName": "hereiamr@splunkresearch.com", "signInIdentifier": "hereiamr@splunkresearch.com", "servicePrincipalId": "", "userType": "Member", "flaggedForReview": false, "isTenantRestricted": false, "autonomousSystemNumber": 7922, "crossTenantAccessType": "none", "privateLinkDetails": {}, "ssoExtensionVersion": "", "uniqueTokenIdentifier": "vtGTfskZoUWtg8G5EEkzAA", "authenticationStrengths": [], "incomingTokenType": "none", "authenticationProtocol": "none", "appServicePrincipalId": null, "resourceServicePrincipalId": "902b6b39-2d22-429b-a635-baf8d57a0cf9", "rngcStatus": 0}}