Unauthorized Logon actions by Domain and Account

Defender For Endpoint

DeviceLogonEvents
| where isnotempty(FailureReason)
| where FailureReason == "UnauthorizedLogonType"
| summarize count() by AccountDomain, AccountName
| sort by count_
| render columnchart with(title="Unauthorized Logon by Domain and Account")

Sentinel

DeviceLogonEvents
| where isnotempty(FailureReason)
| where FailureReason == "UnauthorizedLogonType"
| summarize count() by AccountDomain, AccountName
| sort by count_
| render columnchart with(title="Unauthorized Logon by Domain and Account")

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Visualization - UnauthorizedLogonsByAccount.md

Visualization - UnauthorizedLogonsByAccount.md

Unauthorized Logon actions by Domain and Account

Defender For Endpoint

Sentinel

Files

Visualization - UnauthorizedLogonsByAccount.md

Latest commit

History

Visualization - UnauthorizedLogonsByAccount.md

File metadata and controls

Unauthorized Logon actions by Domain and Account

Defender For Endpoint

Sentinel