What is the difference (if any) between Azure Active Directory (Azure AD) activity logs (audit + sign in + provisioning) and Tenant Activity Logs?

andrei 45 Reputation points
2023-09-01T13:07:38.44+00:00

Here is the documentation for Azure Active Directory (Azure AD) activity logs (audit logs and there is the others documentations for sign in and provisioning): https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs

Here is the Tenant Activity logs list API: https://learn.microsoft.com/en-us/rest/api/monitor/tenant-activity-logs/list?tabs=HTTP

Are those the very same events? Or is there a difference?

Another reason that made me believe they are the same logs is that only the Azure Active Directory (Azure AD) activity logs (audit logs + sign in and provisioning) seems to be mentioned here: https://learn.microsoft.com/en-us/azure/azure-monitor/data-sources#azure-tenant

Thank you!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes

Accepted answer
  1. Shweta Mathur 30,301 Reputation points Microsoft Employee Moderator
    2023-09-05T07:22:33.8933333+00:00

    Hi @andrei ,

    Thanks for reaching out.

    Yes, the Azure Active Directory (Azure AD) activity logs mentioned in the documentation you provided include audit logs, sign-in logs, and provisioning logs**.** These logs provide a comprehensive report on every logged event in Azure AD, including changes to applications, groups, users, and licenses.

    The Tenant Activity logs list API you mentioned is a part of Azure Monitor, which is a platform service that provides a single source for monitoring Azure resources and applications. The Tenant Activity logs list API allows you to retrieve the activity logs for your Azure tenant, including Azure AD activity logs.

    So, to answer your question, the Tenant Activity logs list API and the Azure AD activity logs are not different logs, but rather the API provides a way to retrieve the Azure AD activity logs along with other activity logs for your Azure tenant.

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.


1 additional answer

Sort by: Most helpful
  1. David Broggy 6,376 Reputation points MVP Volunteer Moderator
    2023-09-03T20:31:04.95+00:00

    Hi test,

    If you go one level up in the documentation from the link you provided, it's states that the 'tenant logs' are in fact the Azure Activity logs.

    https://learn.microsoft.com/en-us/rest/api/monitor/tenant-activity-logs

    Hope that helps.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.