For O365 Securlet - where is the data from the Management Status Tab pulled from within the Investigate tab.

The three filters are:

1. Managed
2. Unmanaged
3. Not Available

Management Status Tab:

Not Available: Normal status for Detect Activities which are pulling data that is not directly linked to a SAAS account.

Managed or UnManaged:

• O365 Audit logs has a field "IsManagedDevice" which shows whether the activity is done from a Managed or an Unmanaged device.
• Management Worker fetches the Audit logs from O365 SaaS and displays it in CloudSOC Investigate.
• Audit Log page on Microsoft compliance portal: (https://compliance.microsoft.com/auditlogsearch?viewid=Async%20Search).
• As per our understanding Managed devices are devices that are under some sort of organizational control. So when any O365 activity like file download is done from managed device then IsManagedDevice is shown as True else it will be Unmanaged