Export SignIn logs for specific AAD Application to LogAnalytics Workspace

Mohamed Javeed Thettilayil 5 Reputation points
2023-09-19T18:13:41.96+00:00

Hello,

Would it be possible to grant a single AAD app "X" access to sign-in logs of another single AAD app "Y"?

Alternatively could I forward the signin logs just for the AAD app "Y" to a log analytics workspace?

Aim is to allow an app/service principal to query the sign-in logs of some selected apps.

Thanks,

Javeed

  1. Shweta Mathur 30,206 Reputation points Microsoft Employee
    2023-09-20T10:42:48.3133333+00:00

    Hi @Mohamed Javeed Thettilayil

    Thanks for reaching out.

    Would it be possible to grant a single AAD app "X" access to sign-in logs of another single AAD app "Y"?

    Yes, you can achieve this using Azure Lighthouse which enables multi-tenant management.

    Also, once the data is in an Event Hub, you can write a Logic App to process the data and write it to the Logic App in the new tenant.  You can use "Azure Log Analytics Data Collector" to write to a Log Analytics Workspace.

    could I forward the signin logs just for the AAD app "Y" to a log analytics workspace?

    Yes, you can configure log analytics workspace to collect the sign in logs. You can filter the app "Y" client id in the Kusto query to send only app related logs.

    SigninLogs
    | where AppId == "<app-Y-client-id>"   // placeholder: the client (application) id of app "Y"
    | project ClientAppUsed, ConditionalAccessStatus, Status

    https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-configure-log-analytics-workspace

    Hope this will help.

    Thanks,

    Shweta


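The following is an added example (not part of the question or Shweta's answer) of the approach the answer describes: app "X", acting as a service principal, queries the workspace that receives the tenant's SigninLogs and keeps only rows whose AppId is app "Y"'s client id. It uses the real azure-identity and azure-monitor-query SDKs for the online part; the environment variable names, the workspace id, the GUIDs and the sample rows are assumptions or constructed placeholders. The query builder validates the client id as a strict GUID before interpolating it into KQL, and an offline filter over constructed rows shows what the where/project clauses select.

```python
"""Query Entra ID sign-in logs for one application from a Log Analytics
workspace, with an app registration (service principal) as the caller.

Added example, not code from the Q&A. Assumptions:
  - SigninLogs is already streamed to the workspace via a diagnostic setting,
  - AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET hold the caller's
    (app "X") credentials and LAW_WORKSPACE_ID the workspace id (hypothetical
    variable names),
  - azure-identity and azure-monitor-query are installed when run_query() is
    used; everything else runs offline.
"""
import os
import re
from datetime import timedelta

# The client id is the only caller-supplied value interpolated into KQL, so it
# is validated as a strict GUID and refused otherwise (no escaping needed).
_GUID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")

# Real SigninLogs columns: the answer's three plus the usual triage fields.
PROJECTED_COLUMNS = [
    "TimeGenerated", "UserPrincipalName", "AppDisplayName", "AppId",
    "IPAddress", "ResultType", "ClientAppUsed", "ConditionalAccessStatus", "Status",
]


def build_signin_query(app_client_id: str, hours: int = 24) -> str:
    """Return KQL that keeps only sign-ins for the given application (app "Y")."""
    if not _GUID_RE.match(app_client_id):
        raise ValueError(f"not a GUID client id: {app_client_id!r}")
    if not 1 <= hours <= 24 * 30:
        raise ValueError("hours must be between 1 and 720")
    return "\n".join([
        "SigninLogs",
        f"| where TimeGenerated > ago({hours}h)",
        f'| where AppId == "{app_client_id}"',
        f"| project {', '.join(PROJECTED_COLUMNS)}",
        "| order by TimeGenerated desc",
    ])


def filter_rows_for_app(rows, app_client_id):
    """Offline equivalent of the where/project clauses, over dict rows."""
    return [
        {col: row.get(col) for col in PROJECTED_COLUMNS}
        for row in rows
        if row.get("AppId") == app_client_id
    ]


def run_query(workspace_id: str, app_client_id: str, hours: int = 24):
    """Run the query as app "X"; the caller needs Log Analytics Reader on the workspace."""
    from azure.identity import ClientSecretCredential            # optional dependency
    from azure.monitor.query import LogsQueryClient, LogsQueryStatus

    credential = ClientSecretCredential(
        tenant_id=os.environ["AZURE_TENANT_ID"],
        client_id=os.environ["AZURE_CLIENT_ID"],
        client_secret=os.environ["AZURE_CLIENT_SECRET"],
    )
    client = LogsQueryClient(credential)
    response = client.query_workspace(
        workspace_id=workspace_id,
        query=build_signin_query(app_client_id, hours),
        timespan=timedelta(hours=hours),
    )
    if response.status != LogsQueryStatus.SUCCESS:
        raise RuntimeError(f"query failed or returned partial data: {response.partial_error}")
    table = response.tables[0]
    return [dict(zip(table.columns, row)) for row in table.rows]


# Constructed sample rows with placeholder GUIDs (not real tenant data).
APP_Y = "11111111-2222-3333-4444-555555555555"
OTHER_APP = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_ROWS = [
    {"TimeGenerated": "2023-09-20T10:00:00Z", "UserPrincipalName": "alice@contoso.example",
     "AppDisplayName": "App Y", "AppId": APP_Y, "IPAddress": "203.0.113.10",
     "ResultType": "0", "ClientAppUsed": "Browser", "ConditionalAccessStatus": "success",
     "Status": {"errorCode": 0}},
    {"TimeGenerated": "2023-09-20T10:01:00Z", "UserPrincipalName": "bob@contoso.example",
     "AppDisplayName": "Other app", "AppId": OTHER_APP, "IPAddress": "203.0.113.11",
     "ResultType": "50126", "ClientAppUsed": "Mobile Apps and Desktop clients",
     "ConditionalAccessStatus": "notApplied", "Status": {"errorCode": 50126}},
    {"TimeGenerated": "2023-09-20T10:02:00Z", "UserPrincipalName": "carol@contoso.example",
     "AppDisplayName": "App Y", "AppId": APP_Y, "IPAddress": "198.51.100.7",
     "ResultType": "50074", "ClientAppUsed": "Browser", "ConditionalAccessStatus": "failure",
     "Status": {"errorCode": 50074}},
]

if __name__ == "__main__":
    print(build_signin_query(APP_Y))
    for row in filter_rows_for_app(SAMPLE_ROWS, APP_Y):
        print(row["TimeGenerated"], row["UserPrincipalName"], row["ResultType"])
    if "LAW_WORKSPACE_ID" in os.environ:          # only contacts Azure when configured
        print(run_query(os.environ["LAW_WORKSPACE_ID"], APP_Y))
```

Note the access-control caveat: Log Analytics read permission is granted per workspace or per table, not per row, so the `where AppId ==` clause limits what this query returns, not what app "X" is able to read. If app "X" must be prevented from seeing other applications' sign-ins at all, route only app "Y"'s rows into a workspace of its own (for example via the Event Hub and Logic App path the answer mentions) and grant app "X" access to that workspace only.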

