I wonder if anyone has insights into this issue. I've using the Graph API to return a user's information including signInActivity. I've noticed that for some users, the lastSignInDateTime and lastSignInRequestId will be for a failed sign in log. I can see this the most for users whose accounts are actively being spammed with login attempts by malicous actors and Microsoft is started blocking the authentications. Any ideas of how I can get accurate signInActivity for my users? The signIns API is soooooo slow, so I'd like to avoid searching it if possible.
Here is an example of the API response
And here is what the sign-in request looks like.