Application sign-ins in Azure AD

Nikita Krivets 501 Reputation points
2020-05-20T07:51:56.85+00:00

Hello,

Azure AD has a place which stores sign-ins. MS Graph provides us with the opportunity to get this log via the "auditLogs/signIns" endpoint.
The documentation states that the log has both user and application sign-in activities stored:

"Details user and application sign-in activity for a tenant (directory)." Source: https://learn.microsoft.com/en-us/graph/api/resources/signin?view=graph-rest-1.0

However, list sign-ins is only for user activities:

"Retrieve the Azure AD user sign-ins for your tenant. Sign-ins that are interactive in nature (where a username/password is passed as part of auth token) and successful federated sign-ins are currently included in the sign-in logs." Source: https://learn.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http

You can see any sign-in activities regarding all the applications with delegated permissions.

Could you please tell me if there is a place where you can see sign-in activities for applications with App permissions (operating via the client_credentials flow)?
As far as I understand, the login operation (signing in) is getting a token from login.microsoftonline.com.


Answer accepted by question author
  1. soumi-MSFT 11,846 Reputation points Microsoft Employee Moderator
    2020-05-20T08:46:00.813+00:00

    @Nikita Krivets, as of now you can only retrieve sign-ins for users that get recorded, since they are interactive logons. Currently there are no ways to audit logins by Service Principals.

    You would be able to find a similar request being shared by a customer on the Azure Feedback forum.

    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/31991029-make-spn-non-interactive-login-events-logged-and

    You can upvote that request so that the question gets more visibility. Also you would find on that page that the Product group has mentioned that they have started working on it, but as of now there is no ETA on its public preview.

    Hope this helps. Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.


1 additional answer

  1. Jai Verma 461 Reputation points
    2020-05-20T16:33:58.157+00:00

    I guess this is available in private preview, where you can view non-interactive sign-in activities also. In case you are a Premier customer, contact your TAM/CxP for further details.
