Upgrade to 7.1.0 or above
Item 158357: As a Change Auditor Administrator, I'd like built-in searches for each risky sign-in event type
• Azure Active Directory and Office 365 updates
▪ Change Auditor has implemented the updated Microsoft graph API which has resulted in the
following additional built-in reports for risky events:
All Azure Active Directory sign-in from anonymous IP address events in the past 7 days
All Azure Active Directory sign-in from confirmed compromised user events in the past 7 days
All Azure Active Directory sign-in from IP address with malicious activity events in the past 7 days
All Azure Active Directory sign-in from IP address with suspicious activity events in the past 7 days
All Azure Active Directory sign-in from malware-infected device events in the past 7 days
All Azure Active Directory sign-in with impossible travel events in the past 7 days
All Azure Active Directory sign-in with valid credentials from blocked IP address events in the past 7
days
All Azure Active Directory sign-in with unfamiliar location or properties events in the past 7 days
All Azure Active Directory suspicious manipulation or rules in user's inbox events in the past 7 days
All Azure Active Directory user activity with known sign-in attack pattern events in the past 7 days
All Azure Active Directory user activity with known attack pattern events in the past 7 days
All Azure Active Directory unlikely travel between sign-in source locations events in the past 7 days
All Azure Active Directory users sign-in with leaked credentials events in the past 7 days