Microsoft 365 Defender: IdentityLogonEvents Query to Detect Logon from Foreign Countries and IP Addresses

Khoa Tran 40 Reputation points
2023-07-14T14:17:16.6966667+00:00

Is it possible to write a query based on the IdentityLogonEvents table to find Azure AD's sign-in or log-on attempts from a foreign country or IP address?

Thanks!

Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.