Query Details
Browser Activityby GEO
Query
SigninLogs | where AppDisplayName == "Microsoft Cloud App Security" | extend UserBrowser_ = tostring(DeviceDetail.browser) | extend UserOperatingSystem_ = tostring(DeviceDetail.operatingSystem) | extend UserCountryOrRegion_ = tostring(LocationDetails.countryOrRegion) | extend UserCity_ = tostring(LocationDetails.city)
Explanation
This query is filtering the SigninLogs data to only include entries where the AppDisplayName is "Microsoft Cloud App Security". It then adds new columns to the data called UserBrowser_, UserOperatingSystem_, UserCountryOrRegion_, and UserCity_, which contain the corresponding values from the DeviceDetail and LocationDetails properties.
Details
Rod Trent
Released: May 5, 2020
Tables
SigninLogs
Keywords
SigninLogs,AppDisplayName,MicrosoftCloudAppSecurity,UserBrowser,DeviceDetail,UserOperatingSystem,UserCountryOrRegion,LocationDetails,UserCity
Operators
| where=="Microsoft Cloud App Security"| extendtostring(DeviceDetail.browser)| extendtostring(DeviceDetail.operatingSystem)| extendtostring(LocationDetails.countryOrRegion)| extendtostring(LocationDetails.city)