AzureAD must log events from empty User Agent strings
It seems that AzureAD does not log any login attempts or successful logins from applications presenting a null or empty UserAgent string. This effectively hides the logins from AzureAD logs and from Cloud App Security. This is a critical security flaw which allows rogue applications to authenticate without any logging and to remain invisible to various reports and tools. According to the support ticket we have opened, this seems to be intentional, which to our mind is complete nonsense and beyond any logic.
Any login attempt, successful or otherwise, should be logged, regardless of user agent string. Either log it or block the attempt, but allowing it and not logging the event is a security hole.