All sign-in data comes from Microsoft Azure AD, but there are a few main types (with respect to entry points/schema):
1.) Azure Application Data
2.) Azure User Account Sign-Ins (this is separate from the Audit data)
3.) Office 365 Management – Sign-Ins
What Splunk currently officially supports is number 3, O365 Management Sign-Ins, which was part of the Splunk MSCS Add-On until it was separated into the separate Splunk O365 Add-On (https://splunkbase.splunk.com/app/4055/). So technically, at one point, MSCS was supporting "Sign-In" data, but it pertained to O365, not Azure. Splunk plans to officially support the other sign-in data sources at a later date (active work in progress), but as of now, it is not supported. An enhancement request was created, ADDON-21972. If you'd like to follow this, please contact Splunk Support with a message stating you wish to be added to the Enhancement Request ADDON-21972 and reach out to your Splunk account team for status updates. In the mean time, there are unsupported ways to get that data into Splunk explained below.
The Azure Audit sign-in data sources for 1 and 2 above (currently not supported by the Splunk MSCS Add-On) can be obtained using apps created by Splunk Works/the community. There are two ways to get that sign-in data using those published Add-Ons: