Had a good laugh when looking at Azure AD audit data for the first time today: All login records are associated with geolocation data (what I've seen wasn't diverse enough to tell if it's just IP address based or maybe device location info).

So yeah. And there's login records for users that do not belong to the tenant. They have all the same data, username, email address, location - just their device name, of all things, is masked out with "{PII removed}".

That's an interesting take on PII 🙄