From 09d1fe366c66f4653dab744886072983f2cd9737 Mon Sep 17 00:00:00 2001
From: ank0ku <103283500+ank0ku@users.noreply.github.com>
Date: Wed, 23 Oct 2024 09:05:53 -0500
Subject: [PATCH 1/2] Update User Sign in Analysis and Investigation
Promptbook.md
Fixed errant "/" in prompt 10.
---
.../User Sign in Analysis and Investigation Promptbook.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Promptbook samples/User Sign in Analysis and Investigation Promptbook.md b/Promptbook samples/User Sign in Analysis and Investigation Promptbook.md
index 2315db5e..e5ac9408 100644
--- a/Promptbook samples/User Sign in Analysis and Investigation Promptbook.md
+++ b/Promptbook samples/User Sign in Analysis and Investigation Promptbook.md
@@ -41,7 +41,7 @@ Does the user's sign-in satisfy the Multi-Factor Authentication (MFA) requiremen
```
9. Accessing conditional access policies aligned to the user
```
-/What specific conditional access policies were applied during these sign-in events
+What specific conditional access policies were applied during these sign-in events
```
10. Checking the last passwprd change for the user
```
From 34b809d9917645df6c4eba20ae48fee336e3b746 Mon Sep 17 00:00:00 2001
From: ank0ku <103283500+ank0ku@users.noreply.github.com>
Date: Wed, 23 Oct 2024 09:21:53 -0500
Subject: [PATCH 2/2] Update Readme.md
Capitalized "I" in Who am I.
Changed sub-bullet points in the Sign-In Logs section to bullet points. Sub-bullet points would suggest those are subsequent prompts in the same session, but they don't seem to relate directly to the first prompt.
---
Sample Prompts/Microsoft Entra/Readme.md | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/Sample Prompts/Microsoft Entra/Readme.md b/Sample Prompts/Microsoft Entra/Readme.md
index 7aa6d55c..01195021 100644
--- a/Sample Prompts/Microsoft Entra/Readme.md
+++ b/Sample Prompts/Microsoft Entra/Readme.md
@@ -11,7 +11,7 @@
## User Details
-- Who am i
+- Who am I
- What login attempts exist for the user on December 31st? (Created KQL)
- What login attempts exist for the user in the last 14 days? (Created KQL)
- What login attempts exist for the user **_``_**? in the last 14 days? (Targeting a specific user)
@@ -57,17 +57,17 @@ reasons.
- Have there been any failed sign-ins during the last weekend?
- Tell me about Lee Majors most recent failed sign-in
- Show me the sign-in logs for **_``_**?
- - Show me the sign-in logs of users who signed in from **_``_**?
- - Show me the sign-in logs from **_``_**?
- - Show me the sign-in logs from operating system 'MAC OS
- - Show me the sign-in logs from Edge
- - Show me the sign-in logs from compliant devices
- - Show me the sign-in logs from managed devices
- - Show me the sign in logs for which conditional policies have been applied
- - Show me ca policies evaluated for sign in with request id **_``_**?
- - Show me the sign-in logs from client app
- - Can you tell me if conditional access policy is working from sign-in logs
- - Show me the sign-in logs from unmanaged devices in the past 14 days and list the entities involved
+ - Show me the sign-in logs of users who signed in from **_``_**?
+ - Show me the sign-in logs from **_``_**?
+ - Show me the sign-in logs from operating system 'MAC OS
+ - Show me the sign-in logs from Edge
+ - Show me the sign-in logs from compliant devices
+ - Show me the sign-in logs from managed devices
+ - Show me the sign in logs for which conditional policies have been applied
+ - Show me ca policies evaluated for sign in with request id **_``_**?
+ - Show me the sign-in logs from client app
+ - Can you tell me if conditional access policy is working from sign-in logs
+ - Show me the sign-in logs from unmanaged devices in the past 14 days and list the entities involved
[](#entra)