If an cloud application like Servicenow or Salesforce is integrated with central authentication like Azure AD for authenticating users, how can I identify user authentication logs for these specific apps from Azure AD logs ?
I am looking at logs using this query index=o365 sourcetype=o365:management:activity | stats count by vendor_product but most of these vendor products are microsoft based. I don't see any other cloud apps here. Would somebody be able to help me with this please ?