MCAS ALERT CABINET EVENT MATCH AUDIT

Development 1 Reputation point
2022-06-20T14:59:32.157+00:00

Hi,

The LogonIp value is full in some of the data we take from the Alert endpoint, and it is empty in some. We can't see the IP, especially in High Severity alerts. What is the reason for this?

Thanks.


1 answer

  1. Zehui Yao_MSFT 5,871 Reputation points
    2022-06-21T02:39:24.79+00:00

    Hello @Development, according to the introduction in the documentation, the LogonIp property describes the IP address that initiates the login request, regardless of the severity level of the warning. So please check whether the status of the logged-in user is the cause of the logonIp being empty. Hope it can help you.



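One way to run the check suggested in the answer over a batch of exported alerts, as an added example that is not part of the original thread: it groups alerts by severity and by why `logonIp` is empty. The sample data is constructed, and the field names other than `logonIp` (`severity`, `userStates`, `userPrincipalName`, `logonDateTime`) are assumed from the Microsoft Graph alert schema rather than taken from the posts; the reason labels are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a Graph alerts response ("value" array).
# Fields other than logonIp are assumptions about the alert schema.
SAMPLE = json.loads("""
{"value": [
  {"id": "a1", "severity": "high", "userStates": [
    {"userPrincipalName": "u1@example.com", "logonIp": null, "logonDateTime": null}]},
  {"id": "a2", "severity": "high", "userStates": [
    {"userPrincipalName": "u2@example.com", "logonIp": "203.0.113.7",
     "logonDateTime": "2022-06-20T14:00:00Z"}]},
  {"id": "a3", "severity": "medium", "userStates": []},
  {"id": "a4", "severity": "low", "userStates": [
    {"userPrincipalName": "u3@example.com", "logonIp": "", "logonDateTime": null},
    {"userPrincipalName": "u4@example.com", "logonIp": "198.51.100.9",
     "logonDateTime": "2022-06-20T13:00:00Z"}]}
]}
""")

def classify(alert):
    """Label an alert by whether, and why, it lacks a logon IP (labels are hypothetical)."""
    states = alert.get("userStates") or []
    if not states:
        return "no_user_state"          # alert is not tied to any user at all
    if any((s.get("logonIp") or "").strip() for s in states):
        return "has_ip"                 # at least one user state carries an IP
    if all(not s.get("logonDateTime") for s in states):
        return "user_without_logon_event"   # user present, no logon recorded
    return "logon_without_ip"           # logon recorded, provider sent no IP

def summarize(alerts):
    """Return {severity: {reason: [alert ids]}} for a list of alert dicts."""
    table = defaultdict(lambda: defaultdict(list))
    for alert in alerts:
        table[alert.get("severity", "unknown")][classify(alert)].append(alert.get("id"))
    return {sev: dict(reasons) for sev, reasons in table.items()}

if __name__ == "__main__":
    for sev, reasons in summarize(SAMPLE["value"]).items():
        print(sev, reasons)
```

If the empty values cluster under `no_user_state` or `user_without_logon_event` across all severities, the gap follows the user state rather than the severity level.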