In this page you will find example queries for your Azure data.

  1. Windows users logging-in from multiple endpoints/countries/IP addresses:

select IDENTITY,
       array_agg(distinct PROPERTIES:deviceDetail:displayName) devices_rough,
       array_size(devices_rough) device_cnt,
       array_agg(distinct PROPERTIES:deviceDetail:deviceId) device_ids,
       array_size(device_ids) device_ids_cnt,
       array_agg(distinct split_part(PROPERTIES:deviceDetail:browser, ' ', 1)) browsers_product,
       array_size(browsers_product) browsers_cnt,
       array_agg(DISTINCT PROPERTIES:location:countryOrRegion) countries,
       array_size(countries) countries_cnt,
       array_agg(distinct PROPERTIES:appDisplayName) apps,
       array_size(apps) apps_count,
       (device_cnt + device_ids_cnt + browsers_cnt + (countries_cnt * 5) + apps_count) score
    from raw.AZURE_SIGNIN
    group by IDENTITY
    order by score desc
CODE