Search

KQL Query in Sentinel to generate report of Users and details the Authentication Methods they have u

SigninLogs | extend authenticationMethod_ = tostring(parse_json(AuthenticationDetails)[0].authenticationMethod) | extend authenticationMethodDetail_ = tostring(parse_json(AuthenticationDetails)[0].authenticationMethodDetail) | extend authenticationStepResultDetail_ = tostring(parse_json(AuthenticationDetails)[0].authenticationStepResultDetail) | extend authenticationStepRequirement_ = tostring(parse_json(AuthenticationDetails)[0].authenticationStepRequirement) | extend authenticationStepDateTime_ = tostring(parse_json(AuthenticationDetails)[0].authenticationStepDateTime) | where isnotempty(authenticationMethod_) | project UserDisplayName, UserPrincipalName, AppDisplayName, authenticationMethod_, authenticationMethodDetail_, authenticationStepRequirement_, authenticationStepDateTime_, Status | sort by authenticationStepDateTime_ desc

144 views0 comments

Recent Posts

See All