is there a way for building a list of unique user domains in a delimited format from sentinel signin logs? Signin logs has user principal name and can be extended to split the domain name as below.
extend UserDomains = split(UserPrincipalName,'@')[1]
You can use the make_set() aggregation function, for example:
T
| extend UserDomains = split(UserPrincipalName,'@')[1]
| summarize UserDomains = make_set(UserDomains)