Account enumeration reconnaissance from an unresolved computer.

It happens if the connection was attempted via RDP.

It's a protocol limitation,  in the NTLM event, this is what the protocol is putting in the machine name field, and there is no IP address in this event.

I think this post can give hints on it:

https://techcommunity.microsoft.com/t5/Azure-Advanced-Threat-Protection/Azure-ATP-Unresolved-Entity/m-p/252724?advanced=false&collapse_discussion=true&filter=location&location=forum-board:AzureAdvancedThreatProtection&q=MSTSC&search_type=thread