Export SignIn logs for specific AAD Application to LogAnalytics Workspace

Question

Export SignIn logs for specific AAD Application to LogAnalytics Workspace

Javeed 0

Hello,

Would it be possible to grant an single AAD app "X" access to signin logs of another single AAD app "Y"?

Alternatively could I forward the signin logs just for the AAD app "Y" to a log analytics workspace?

Aim is to allow an app/service principle to query the signin logs of some selected apps.

Thanks,

Javeed

Shweta Mathur 20,021 Reputation points Microsoft Employee

2023-09-25T07:57:32.2166667+00:00

Hi @Javeed ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
JamesTran-MSFT 32,856 Reputation points Microsoft Employee

2023-09-26T22:01:58.7533333+00:00

@Javeed

I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Shweta Mathur 20,021 Reputation points Microsoft Employee

2023-09-25T07:57:32.2166667+00:00

Hi @Javeed ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
JamesTran-MSFT 32,856 Reputation points Microsoft Employee

2023-09-26T22:01:58.7533333+00:00

@Javeed

I wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Answer 1

Hi @Javeed

Thanks for reaching out.

Would it be possible to grant an single AAD app "X" access to signin logs of another single AAD app "Y"?

Yes, you can achieve this using Azure Lighthouse which enables multi-tenant management.

Also, once the data is in an Event Hub, you can write a Logic App to process the data and write it to the Logic App in the new tenant. You can use "Azure Log Analytics Data Collector" to write to a Log Analytics Workspace.

could I forward the signin logs just for the AAD app "Y" to a log analytics workspace?

Yes, you can configure log analytics workspace to collect the sign in logs. You can filter the app "Y" client id in the Kusto query to send only app related logs.

SigninLogs project ClientAppUsed, ConditionalAccessStatus, Status

https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-configure-log-analytics-workspace

Hope this will help.

Thanks,

Shweta

Please remember to "Accept Answer" if answer helped you.

Export SignIn logs for specific AAD Application to LogAnalytics Workspace

1 answer

Activity