Forum Discussion

danishfarazey's avatar
danishfarazey
Copper Contributor
Jul 28, 2021

HELPPPP....User login from multiple workstation use case creation

I have a client requirement where they require the data of list of user who are logging in from mutiple machines..

 

for example the scenario is

 

if Alex login from 2 machine his name should be listed in the data which is being retrieved.

    • CliveWatson's avatar
      CliveWatson
      Icon for Microsoft rankMicrosoft
      What data do you have, maybe AAD SigninLogs? Do you have a query you are working on so far, anything you can share? You have tagged Azure Sentinel, do you have that enabled, if so what Tables. In the meantime some examples to give you an idea. Is this for a rule, and ad-hoc query or a Workbook?

      BehaviorAnalytics
      | where ActivityType == 'LogOn' and isnotempty(UserName)
      | summarize make_set(DestinationDevice) by UserName


      SigninLogs
      | extend deviceId_ = tostring(DeviceDetail.deviceId)
      | summarize devicesList = make_set_if(deviceId_, isnotempty(deviceId_)), devicesCount = dcountif(deviceId_, isnotempty(deviceId_)) by UserPrincipalName
      | where devicesCount > 1

Resources