![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 25%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
25,081 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 78%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERB%3C/text%3E%3C/svg%3E)
Hi @Ashok , the audit logs in Azure AD will not show you the IP address. If you see the columns in audit logs, you will find that the IP Address property is not included. Ref -> https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/auditlogs#columns and https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs
IP Address is included as a property in the columns of sign-in logs in Azure AD. Ref -> https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
So to get IP Address of the user whenever there is a password reset activity, you can correlate between the audit logs and the sign in logs. Please ref the correlation id from the audit logs for the SSPR activity and filter it in the sign in logs, from where you could get the IP address of the user.
Alternatively, you can match the Object Id in the Audit logs which should be the user id in the sign in logs along with the timestamp.
Audit Log :
Sign in Log:
