Hello @Jack Lucivero,
Thank you for posting your query on Microsoft Q&A.
From your description, it seems that you are seeing around 20k sign-in events—both successful and failed—in one week.
Here are some steps to help diagnose the issue:
- Identify Affected Users: Determine which specific users are experiencing the high volume of sign-in events to focus your investigation.
- Examine User Patterns: Check if the affected users share common characteristics, such as specific roles, permissions, or devices.
- Review Microsoft Entra Sign-in Logs: Analyze the logs to see if the issue is isolated to iOS or Android devices, or a particular application.
- Check Conditional Access Policies: Look for any recent changes to conditional access policies in your tenant.
- Compare Users: Select a user who is not experiencing this issue and compare their settings with those of a user who is. Verify if they are subject to the same conditional access policies.
- Analyze Log Types: Confirm whether these logs are from interactive or non-interactive sign-ins. Examine the differences between successful and failed sign-ins to understand the reasons behind the failures.
I hope these steps help you diagnose the issue. Please feel free to reach out if you have any further questions.
If this answers your query, please click "Accept Answer" and "Yes" for "Was this answer helpful". If you have any further queries, do let us know.
Thanks,
Raja Pothuraju.
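
The triage steps in the answer above can be run over exported sign-in records; the following is an added example, not part of the original answer and not Microsoft code. It assumes the records are JSON objects using Microsoft Graph `signIn` field names; the sample data, user names and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

def rec(upn, app, os_name, interactive, code, ca):
    """Constructed record using Microsoft Graph signIn field names."""
    return {"userPrincipalName": upn, "appDisplayName": app, "isInteractive": interactive,
            "deviceDetail": {"operatingSystem": os_name}, "conditionalAccessStatus": ca,
            "status": {"errorCode": code}}  # errorCode 0 means success

# Constructed sample: one noisy user and one quiet user.
NOISY, QUIET = "noisy@example.com", "quiet@example.com"
SAMPLE = (
    [rec(NOISY, "Office 365 Exchange Online", "iOS", False, 50126, "notApplied")] * 6
    + [rec(NOISY, "Office 365 Exchange Online", "iOS", False, 0, "success")] * 3
    + [rec(QUIET, "Office 365 SharePoint Online", "Windows", True, 0, "success")] * 2
)

def profile_users(records):
    """Per-user counters for result, sign-in type, app, OS, CA status, error code."""
    profiles = defaultdict(lambda: defaultdict(Counter))
    for r in records:
        p = profiles[(r.get("userPrincipalName") or "unknown").lower()]
        code = (r.get("status") or {}).get("errorCode", 0)
        p["result"]["failure" if code else "success"] += 1
        p["type"]["interactive" if r.get("isInteractive") else "non-interactive"] += 1
        p["app"][r.get("appDisplayName") or "unknown"] += 1
        p["os"][(r.get("deviceDetail") or {}).get("operatingSystem") or "unknown"] += 1
        p["ca"][r.get("conditionalAccessStatus") or "unknown"] += 1
        if code:
            p["error"][code] += 1
    return profiles

def noisiest(profiles, top=5):
    """Users ranked by total sign-in events, highest first."""
    totals = {u: sum(p["result"].values()) for u, p in profiles.items()}
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:top]

def compare(profiles, user_a, user_b):
    """Dimensions where the two users' most common value differs."""
    diff = {}
    for dim in ("type", "app", "os", "ca"):
        a, b = profiles[user_a][dim].most_common(1), profiles[user_b][dim].most_common(1)
        if a and b and a[0][0] != b[0][0]:
            diff[dim] = (a[0][0], b[0][0])
    return diff

if __name__ == "__main__":
    profs = profile_users(SAMPLE)
    print(noisiest(profs))
    print(compare(profs, NOISY, QUIET))
```

A single dominant error code on one user, concentrated in non-interactive sign-ins from one app and OS, usually points at a specific client retrying rather than a tenant-wide policy change.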