| Application |
Application that performed the recorded action |
String |
| ApplicationId |
Unique identifier for the application |
String |
| City |
City where the client IP address is geolocated |
String |
| CorrelationId |
Unique identifier of the sign-in event |
String |
| Country |
Country/Region where the account user is located |
String |
| ErrorCode |
Contains the error code if a sign-in error occurs. To find a description of a specific error code, visit https://aka.ms/AADsigninsErrorCodes |
Int32 |
| GatewayJA4 |
The JA4 fingerprint is a hash derived from the TLS Client Hello request. This JA4 fingerprint serves as a unique identifier for the client’s TLS configuration. |
String |
| IPAddress |
IP addresses of the clients on which the activity was performed; can contain multiple Ips if related to Microsoft Defender for Cloud Apps alerts |
String |
| IsManagedIdentity |
Indicates whether the sign-in was initiated by a managed identity |
Boolean |
| Latitude |
The north to south coordinates of the sign-in location |
String |
| Longitude |
The east to west coordinates of the sign-in location |
String |
| ReportId |
Unique identifier for the event |
String |
| RequestId |
Unique identifier of the request |
String |
| ResourceDisplayName |
Display name of the resource accessed. The display name can contain any character. |
String |
| ResourceId |
Unique identifier of the resource accessed |
String |
| ResourceTenantId |
Unique identifier of the tenant of the resource accessed |
String |
| ServicePrincipalId |
Unique identifier of the service principal that performed the action |
String |
| ServicePrincipalName |
Name of the service principal that initiated the sign-in |
String |
| SessionId |
Unique number assigned to a user by a website’s server for the duration of the visit or session |
String |
| SourceSystem |
|
String |
| State |
State where the sign-in occurred, if available |
String |
| TenantId |
|
String |
| TimeGenerated |
|
DateTime |
| Timestamp |
Date and time when the record was generated |
DateTime |
| Type |
|
String |
| UserAgent |
User agent information from the web browser or other client application |
String |