Behavior Detection and evaluation
Behavior Detection analyzes patterns of user behavior and create profiles of typical patterns based on previous activity. This information enables you to configure sign-on policy rules that respond to changes in user behavior. For example, you can configure a policy to require multifactor authentication if a user signs in from a new location or uses a new device.
You can't configure policies to deny users access based on behavior changes. However, you can configure the specific types of behavior you want to track and when changes should take effect in response to those behaviors. After you configure the behavior conditions you're interested in, you can add them to your sign-on policy rules to control when users are required to provide multifactor authentication.
Behavior Detection System Log events