Which TWO tables in Microsoft Defender XDR advanced hunting provide information about user authentication events?
Contains Azure AD sign-in events.
Why this answer
Options A and D are correct. A is correct because AADSignInEventsBeta contains Azure AD sign-ins. D is correct because IdentityLogonEvents contains on-premises AD logons.
B is incorrect because DeviceNetworkEvents is for network events. C is incorrect because EmailEvents is for email. E is incorrect because AlertInfo is for alerts.