Microsoft 365 Defender: IdentityLogonEvents Query to Detect Logon from Foreign Countries and IP Addresses

Khoa Tran 40 Reputation points

Is it possible to write a query based on IdentityLogonEvents table to find Azure AD's sign-in or log-on attempts from a foreign country or IP address?


Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
132 questions
0 comments No comments
{count} votes