The options you have to export/stream/integrate the Azure AD Sign-in logs are listed here: https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-activity-logs-azure-monitor
Pick the one that best fits your needs.
Can the SP obtain logs on an unsuccessful login attempt?
Sam Sullivan
21
Reputation points
Hi,
If we have an Azure AD setup and we have a user who tries to sign in and fails. Is there a way for Azure to send the sign-in logs to an endpoint on the SP side? Will this log contain the user's User Principal Name? If I'm not mistaken, I believe we can export the sign-in logs to Event Hub but I don't know if there is an option to set up an endpoint on Event Hub where it will send the logs it receives similar to how Okta has event hooks. Also, are there any other flows to send these sign-in logs to an endpoint? Would appreciate any help. Thanks.
1 answer
Sort by: Most helpful
-
Vasil Michev 94,911 Reputation points MVP
2022-09-24T06:27:54.967+00:00