We'd like to capture details on our Office365 users logins.
A user logs in from an IP outside of our Geo-Fence
A user logs in from an IP associated with a known VPN service
A user logs in from an IP associated with known malicious IP Addresses.
I am already performing these audits through a separate collector using the Graph API. If you all need help on how to do. I can show you how it's done.