AADNonInteractiveUserSignInLogs 表的查询

项目
11/11/2024

有关在 Azure 门户中使用这些查询的信息，请参阅 Log Analytics 教程。有关 REST API，请参阅查询。

具有多个城市的用户

获取最后一天从多个城市登录的用户的列表。

AADNonInteractiveUserSignInLogs
| where TimeGenerated > ago(1d)
| extend City = parse_json(LocationDetails).city
| summarize CountPerCity = dcount(tostring(City)) by UserId
| where CountPerCity > 1
| order by CountPerCity desc

最活跃的 IP 地址

获取最后一天前 100 个最活跃的 IP 地址的列表。

AADNonInteractiveUserSignInLogs
| where TimeGenerated > ago(1d)
| summarize CountPerIPAddress = count() by IPAddress
| order by CountPerIPAddress desc
| take 100