Application sign-ins in Azure AD

Nikita Krivets 481 Reputation points
2020-05-20T07:51:56.85+00:00

Hello,

Azure AD has a place which stores sign-ins. MS Graph provides us with the opportunity to get this log via "auditLogs/signIns" endpoint.
The documentation states that the log has both user and application sign-in activities stored:

Details user and application sign-in activity for a tenant (directory). Source: https://learn.microsoft.com/en-us/graph/api/resources/signin?view=graph-rest-1.0

However, list sign-ins is only for user activities:

Retrieve the Azure AD user sign-ins for your tenant. Sign-ins that are interactive in nature (where a username/password is passed as part of auth token) and successful federated sign-ins are currently included in the sign-in logs. Source: https://learn.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http

You can see any sign-in activities regarding all the applications with delegated permissions.

Could you please tell me if there is a place where you can see sign-in activities for applications with App permissions (operating via client_credentials flow)?
As far as I understand, login operation (signing in) is getting a token from login.microsoftonline.com.
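An added example, not part of the original post or of Microsoft's documentation: the client_credentials token request the question describes, next to the `auditLogs/signIns` query filtered to one application, with a summary run over a constructed response. The tenant name, app ID, sample records and the `no_user` counter are assumptions made for illustration.

```python
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
SIGNINS_URL = "https://graph.microsoft.com/v1.0/auditLogs/signIns"

def token_request(tenant, client_id, client_secret):
    """The app's own sign-in: a client_credentials token request (URL, form body)."""
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return TOKEN_URL.format(tenant=tenant), urlencode(form)

def signins_request(app_id, since_utc, top=50):
    """URL that lists the sign-ins recorded for one application since a timestamp."""
    flt = f"appId eq '{app_id}' and createdDateTime ge {since_utc}"
    return SIGNINS_URL + "?" + urlencode({"$filter": flt, "$top": top})

def summarize(page):
    """Per appId: total records, failures, users seen, records with no user."""
    out = {}
    for rec in page.get("value", []):
        s = out.setdefault(rec["appId"],
                           {"total": 0, "failed": 0, "users": set(), "no_user": 0})
        s["total"] += 1
        if rec.get("status", {}).get("errorCode", 0) != 0:
            s["failed"] += 1
        if rec.get("userPrincipalName"):
            s["users"].add(rec["userPrincipalName"])
        else:
            s["no_user"] += 1  # assumption: an app-only entry would carry no user
    return out

# Constructed sample of a list-sign-ins response (not real tenant data).
APP = "00000000-0000-0000-0000-000000000001"
SAMPLE = {"value": [
    {"appId": APP, "userPrincipalName": "alice@contoso.example",
     "isInteractive": True, "status": {"errorCode": 0}},
    {"appId": APP, "userPrincipalName": "bob@contoso.example",
     "isInteractive": True, "status": {"errorCode": 50126}},
    {"appId": APP, "userPrincipalName": "alice@contoso.example",
     "isInteractive": True, "status": {"errorCode": 0}},
]}

if __name__ == "__main__":
    print(token_request("contoso.example", APP, "<client-secret>")[0])
    print(signins_request(APP, "2020-05-01T00:00:00Z"))
    print(summarize(SAMPLE)[APP])
```

Every record in the constructed page carries a user, so `no_user` stays at 0; the token request itself is what the question calls the application's sign-in.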


Accepted answer
  1. soumi-MSFT 11,756 Reputation points Microsoft Employee
    2020-05-20T08:46:00.813+00:00

    @Nikita Krivets, as of now you can only retrieve sign-ins for users that get recorded, since they are interactive logons. Currently there are no ways to audit logins by Service Principals.

    You would be able to find a similar request being shared by a customer on the Azure Feedback forum.

    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/31991029-make-spn-non-interactive-login-events-logged-and

    You can upvote that request so that the question gets more visibility. Also you would find on that page that the Product group has mentioned that they have started working on it, but as of now there is no ETA on its public preview.

    Hope this helps. Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.


1 additional answer

  1. Jai Verma 461 Reputation points
    2020-05-20T16:33:58.157+00:00

    I guess this is available in private preview, where you can view non-interactive sign-in activities also. In case you are a Premier customer, contact your TAM/CxP for further details.
