Skip to content

Azure

In this page you will find example queries for your Azure data.

  1. Windows users logging-in from multiple endpoints/countries/IP addresses
    select IDENTITY,
           array_agg(distinct PROPERTIES:deviceDetail:displayName) devices_rough,
           array_size(devices_rough) device_cnt,
           array_agg(distinct PROPERTIES:deviceDetail:deviceId) device_ids,
           array_size(device_ids) device_ids_cnt,
           array_agg(distinct split_part(PROPERTIES:deviceDetail:browser, ' ', 1)) browsers_product,
           array_size(browsers_product) browsers_cnt,
           array_agg(DISTINCT PROPERTIES:location:countryOrRegion) countries,
           array_size(countries) countries_cnt,
           array_agg(distinct PROPERTIES:appDisplayName) apps,
           array_size(apps) apps_count,
           (device_cnt + device_ids_cnt + browsers_cnt + (countries_cnt * 5) + apps_count) score
        from raw.AZURE_SIGNIN
        group by IDENTITY
        order by score desc