If you are willing to spend a bit more time and jump to external data sources (using GeoIP lookup), I recommend using Guided Hunting – Office365-Exploring. However, if you want to do an initial lookup of location for Office Operations, then why not utilize the existing data sources first, and then go to a separate "hunting mode"?

Utilizing interactive and non-interactive Azure AD Sign-in logs

The first step is to create a list of unique locations and IPs in Azure AD logs. The OfficeActivity type category in Sentinel Logs does not natively have the location details; however, there are alternative ways to populate the log.

Populating location information to Office 365 logs

As I wanted to keep this blog as short as possible, I've attached external references for more background, and pretty much jump to the task at hand.

Recommended reading before proceeding

One of my favorite things these days in the Microsoft Cloud ecosystem is the widespread support of KQL (Kusto Query Language). I've used it to match a variety of log information from multiple sources in Log Analytics/Sentinel workspaces.
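
The first step described above (a list of unique locations and IPs from the interactive and non-interactive Azure AD sign-in logs), followed by the lookup against OfficeActivity, could look like the following KQL. This is an added example, not the author's query; it assumes the standard Sentinel tables SigninLogs, AADNonInteractiveUserSignInLogs and OfficeActivity, and the 14-day window and the output column names are arbitrary choices.

```kql
// Added example. The lookback window and the names Country, City, Countries,
// Cities and LocationKnown are assumptions made for illustration.
let lookback = 14d;
// Step 1: unique IP -> location pairs from both sign-in tables.
// todynamic() is applied because LocationDetails may be stored as a string
// in the non-interactive table; on a dynamic value it is a no-op.
let Interactive = SigninLogs
    | where TimeGenerated > ago(lookback)
    | project IPAddress, Country = Location,
              City = tostring(todynamic(LocationDetails).city);
let NonInteractive = AADNonInteractiveUserSignInLogs
    | where TimeGenerated > ago(lookback)
    | project IPAddress, Country = Location,
              City = tostring(todynamic(LocationDetails).city);
let SigninLocations = union Interactive, NonInteractive
    | where isnotempty(IPAddress) and isnotempty(Country)
    // One row per IP so the join below cannot multiply OfficeActivity rows.
    | summarize Countries = make_set(Country),
                Cities = make_set_if(City, isnotempty(City))
             by IPAddress;
// Step 2: populate OfficeActivity with the location seen for the same IP.
OfficeActivity
| where TimeGenerated > ago(lookback)
| where isnotempty(ClientIP)
// ClientIP may arrive as "IPv4:port" or "[IPv6]:port"; normalise before joining.
| extend IPAddress = case(
    ClientIP startswith "[", extract(@"^\[([^\]]+)\]", 1, ClientIP),
    ClientIP matches regex @"^\d{1,3}(\.\d{1,3}){3}:\d+$",
        tostring(split(ClientIP, ":")[0]),
    ClientIP)
| join kind=leftouter SigninLocations on IPAddress
// LocationKnown == false marks operations from IPs never seen in sign-in logs;
// those rows are what remains for a GeoIP-based lookup.
| extend LocationKnown = isnotempty(Countries)
| project TimeGenerated, UserId, OfficeWorkload, Operation, ClientIP,
          Countries, Cities, LocationKnown
```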