There’s a plethora of data connectors for Microsoft Sentinel, from Microsoft and Azure services to third party sources and custom logs. This data is only as good as the analytical value it brings. During investigations – both proactive and reactive – visualizing data in different formats offers value into finding anomalies, patterns, and insights difficult to spot.

When working with data which includes geographic related information such as Microsoft Entra sign-in logs, visualizing the data through a proper medium is essential to making the most use of the data. This is where using interactive maps for Sentinel and Log Analytics workspace comes into play. As of the writing of this blog article, it’s not possible to use the interactive map directly within the Logs section of Sentinel or Log Analytics workspace. Instead, the Azure Data Explorer web app or Kusto Explorer desktop app must be used. This article will use Azure Data Explorer for all examples. The setup required for this is simple and only takes a few minutes.

Read the full post here: Visualize Entra Sign-in Logs using an Interactive Map - Microsoft Community Hub