@Ciyaresh  Ah, well that is because the query you found in the link was made by the original creator, it is more of a test to see that it works. 

I would probably do something like this; 

let HighriskUsers = HighRiskUsers_CL
| distinct UserPrincipalName_s;
SecurityEvent
| where TargetAccount in (HighriskUsers)
| where EventID == "4624"

 Just make sure the custom log table usernames match with the SecurityEvent TargetAccount regarding upper/lower case. You can use the toupper/tolower function to make sure they match if they are not by default. I use the distinct operation to make sure i dont get duplicate values from the custom table. 

www.000webhost.com