I have a user that is failing authentication to exchange online and I'm seeing the attempts in AAD sign in logs. The user isn't experiencing any issues on the PC they are currently using so I believe another system is the issue. The main issue is that the AAD log only shows the the IP of my public IP and not the IP of the PC where failed auth is originating from. Does anyone know of a way to correlate a failed AAD auth back to the PC it originated from in this scenario? Are there any local logs on the PC that i could query that would also say an auth failed (I have ability to get windows event logs and other local logs)?