Note: This will be dependent on the package your tenant has. Not all Schemas will be available.
Tenable Agent based offers a simple command to run via their documentation. However, it doesn't actually work in my experience. I've created bat files and two PowerShell scripts that can be run via your RMM tool or via Intune Scripts and Remediations. Note: you will need to know what GUIDs are being used. You can find this in the registry (I've dealt with 7 GUIDS at most)
This script can be run in DB Browser to give you the urls that were visited by a user with your local time in chronological order.
KQL can help if you need to generate a report on users being locked out by domain. You can use this data to check for highly target users or domains.
There will be times for investigations or incidents were you will need to find out if a user clicked a link or get a copy of all the links they clicked. Note: Links clicked via phone are not tracked by Microsoft after various tests.
Note: This will depend on what package your tenant has.
Those lacking a SIEM or just want to search for password files, can use this script to find files that contain keywords like "password", "credentials", "logins", "log in".
Tenable Agent based offers a simple command to run via their documentation. However, it doesn't actually work in my experience. I've created bat files and two PowerShell scripts that can be run via your RMM tool or via Intune Scripts and Remediations. Note: you will need to know what GUIDs are being used. You can find this in the registry (I've dealt with 7 GUIDS at most)
Your organization may not be using Intune or you just want to try out using .bat files. You can use this file as a place to get started or see how they work!