You manage an Azure subscription named Sub1. Sub1 is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You identify that an Azure AD user account named [email protected] might be compromised.
You need to review the changes that User1 performed since the most recent sign-in.
Which log should you use?