8 changes: 8 additions & 0 deletions packages/azure/changelog.yml
@@ -1,3 +1,11 @@
- version: "1.1.2"
changes:
- description: Add device_detail.is_compliant and device_detail.is_managed fields
type: bugfix
link: https://github.com/elastic/integrations/pull/2843
- description: Change authentication_requirement_policies to flattened type
type: bugfix
link: https://github.com/elastic/integrations/pull/2843
- version: "1.1.1"
changes:
- description: Fix field mapping conflict in the auditlogs data stream for `client.ip`. Changed `azure-eventhub.offset` and `azure-eventhub.sequence_number` to longs from keyword in the eventhub data stream.
@@ -0,0 +1 @@
{"Level":4,"callerIpAddress":"81.2.69.143","category":"NonInteractiveUserSignInLogs","correlationId":"8b79f1be-9ed1-48f5-ad92-1df3f421e142","durationMs":0,"identity":"Nikhita Sethi","location":"GB","operationName":"Sign-in activity","operationVersion":"1.0","properties":{"appDisplayName":"Microsoft Edge Enterprise New Tab Page","appId":"d7b530a4-7680-4c23-a8bf-c52c121d2e87","appliedConditionalAccessPolicies":[{"conditionsNotSatisfied":0,"conditionsSatisfied":19,"displayName":"Require MFA for everyone","enforcedGrantControls":["Mfa"],"enforcedSessionControls":[],"id":"9bc14439-0b78-4d1e-bb27-8fab658d0e83","result":"success"},{"conditionsNotSatisfied":16,"conditionsSatisfied":3,"displayName":"Block Legacy Authentication","enforcedGrantControls":["Block"],"enforcedSessionControls":[],"id":"f1938df8-77ab-445a-8cba-4e7be5d55dca","result":"notApplied"},{"conditionsNotSatisfied":2,"conditionsSatisfied":1,"displayName":"Block Non-MFA and Legacy Protocol USERS from non-trusted locations","enforcedGrantControls":["Block"],"enforcedSessionControls":[],"id":"97dd0e67-9953-49fc-ae42-70e4ead3ffc0","result":"notApplied"},{"conditionsNotSatisfied":2,"conditionsSatisfied":1,"displayName":"Block all guest acccess apart from SharePoint Online","enforcedGrantControls":["Block"],"enforcedSessionControls":[],"id":"c28b1740-4158-4b71-9269-9a4a41fd0204","result":"notApplied"},{"conditionsNotSatisfied":2,"conditionsSatisfied":1,"displayName":"Guest terms of use policy","enforcedGrantControls":["Guest terms of use"],"enforcedSessionControls":[],"id":"b00a4704-5613-49d6-bd4e-283d23d29f0a","result":"notApplied"},{"conditionsNotSatisfied":2,"conditionsSatisfied":1,"displayName":"Guest session timeout","enforcedGrantControls":[],"enforcedSessionControls":["SignInFrequency"],"id":"484acb18-0d56-41a8-844c-9e7c8e9cf819","result":"notApplied"},{"conditionsNotSatisfied":8,"conditionsSatisfied":3,"displayName":"Blocked 
Countries","enforcedGrantControls":["Block"],"enforcedSessionControls":[],"id":"051d2ce9-6d47-4c12-a113-c25223217bcb","result":"notApplied"},{"conditionsNotSatisfied":2,"conditionsSatisfied":1,"displayName":"TEST - Cyberfort Users using non-compliant devices","enforcedGrantControls":["Mfa"],"enforcedSessionControls":[],"id":"8ddf1a42-cb27-44a7-aa12-a65343e41be4","result":"reportOnlyNotApplied"},{"conditionsNotSatisfied":2,"conditionsSatisfied":1,"displayName":"TEST - Cyberfort Users using Compliant Devices","enforcedGrantControls":["Mfa","RequireCompliantDevice"],"enforcedSessionControls":[],"id":"ee64eba5-e4bd-40ca-aee7-d98ad45ab33a","result":"reportOnlyNotApplied"},{"conditionsNotSatisfied":1,"conditionsSatisfied":0,"displayName":"CA – iOS \\\\u0026 Android – Unmanaged","enforcedGrantControls":["Mfa","RequireApprovedApp"],"enforcedSessionControls":[],"id":"cb26a614-e2c4-4644-b226-4dcb0c79ad61","result":"reportOnlyNotApplied"},{"conditionsNotSatisfied":1,"conditionsSatisfied":0,"displayName":"Require Mobile access from protected apps/compliant devices","enforcedGrantControls":["RequireCompliantDevice"],"enforcedSessionControls":[],"id":"39300713-85f0-41f5-ae90-823cc0be3b4a","result":"reportOnlyNotApplied"},{"conditionsNotSatisfied":2,"conditionsSatisfied":1,"displayName":"Block Legacy EAS Auth","enforcedGrantControls":["Block"],"enforcedSessionControls":[],"id":"f6623a16-4455-48f9-893f-70f1c564a534","result":"reportOnlyNotApplied"}],"authenticationDetails":[{"authenticationMethod":"Previously satisfied","authenticationStepDateTime":"2022-03-17T09:44:46.3097429+00:00","authenticationStepRequirement":"Multi-factor authentication","authenticationStepResultDetail":"MFA requirement satisfied by claim in the token","succeeded":true}],"authenticationProcessingDetails":[{"key":"Legacy TLS (TLS 1.0, 1.1, 3DES)","value":"False"},{"key":"Oauth Scope Info","value":"[User.Read,Userinfo.ReadWrite]"},{"key":"Is CAE 
Token","value":"False"}],"authenticationProtocol":"none","authenticationRequirement":"multiFactorAuthentication","authenticationRequirementPolicies":[{"detail":"Conditional Access","requirementProvider":"multiConditionalAccess"}],"autonomousSystemNumber":5089,"clientAppUsed":"Mobile Apps and Desktop clients","conditionalAccessStatus":"success","correlationId":"8b79f1be-9ed1-48f5-ad92-1df3f421e142","createdDateTime":"2022-03-17T09:44:46.3097429+00:00","crossTenantAccessType":"none","deviceDetail":{"browser":"Edge 18.19042","deviceId":"ef5d12a1-7768-4085-9047-5d33aee251fa","displayName":"LW-TBSH006933","isCompliant":true,"isManaged":true,"operatingSystem":"Windows 10","trustType":"Azure AD joined"},"flaggedForReview":false,"homeTenantId":"226f45e7-e2e2-4228-9e9d-612687e8c133","id":"088b4409-9e63-425d-b777-2c8c6c380b00","incomingTokenType":"none","ipAddress":"81.2.69.143","isInteractive":false,"isTenantRestricted":false,"location":{"city":"Strood","countryOrRegion":"GB","geoCoordinates":{"latitude":51.394798278808594,"longitude":0.4803900122642517},"state":"Medway"},"mfaDetail":{},"networkLocationDetails":[],"originalRequestId":"088b4409-9e63-425d-b777-2c8c6c380b00","privateLinkDetails":{},"processingTimeInMilliseconds":90,"resourceDisplayName":"Microsoft News Feed","resourceId":"f920ab6b-8a48-4438-9255-1650179a3a0f","resourceTenantId":"226f45e7-e2e2-4228-9e9d-612687e8c133","riskDetail":"none","riskEventTypes":[],"riskEventTypes_v2":[],"riskLevelAggregated":"none","riskLevelDuringSignIn":"none","riskState":"none","servicePrincipalId":"","ssoExtensionVersion":"","status":{"additionalDetails":"MFA requirement satisfied by claim in the token","errorCode":0},"tokenIssuerName":"","tokenIssuerType":"AzureAD","uniqueTokenIdentifier":"MDg4YjQ0MDktOWU2My00MjVkLWI3NzctMmM4YzZjMzgwYjAw","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042","userDisplayName":"Nikhita 
Sethi","userId":"da495378-1cbd-450f-997c-5393402e41f8","userPrincipalName":"nikhita.sethi@cyberfortgroup.com","userType":"Member"},"resourceId":"/tenants/226f45e7-e2e2-4228-9e9d-612687e8c133/providers/Microsoft.aadiam","resultSignature":"None","resultType":"0","tenantId":"226f45e7-e2e2-4228-9e9d-612687e8c133","time":"2022-03-17T09:44:46.3097429Z"}
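Review bot: This new sign-in fixture appears to carry unsanitized data from a real tenant: `identity`/`userDisplayName`, `userPrincipalName` with a company domain, `deviceDetail.displayName`, `deviceId`, `userId`, the repeated `tenantId`/`homeTenantId`/`resourceTenantId`, and `uniqueTokenIdentifier`. The `appliedConditionalAccessPolicies` display names and IDs also describe that tenant's access-control posture, including which policies are only in report-only mode, which is useful reconnaissance once it sits in a public repository. Only the IP address looks like it was swapped for a test value, so the scrubbing seems partial. I would replace these with clearly synthetic values before merge, e.g. `"userPrincipalName":"user@example.com"` and `"displayName":"Example policy 1"` (constructed placeholders), and regenerate the expected output from the scrubbed event. Separately, `\\\\u0026` in the "CA – iOS … Android" policy name looks double-escaped, though that may be a rendering artifact of this page.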