AD B2C: Keep Me Signed In - Audit Logs

Ferenc Szabó 66 Reputation points
2021-07-01T14:58:09.17+00:00

This is an AD B2C specific question, but I think it also applies to Azure AD as well. My question is, can we see anywhere in the Audit Logs (https://learn.microsoft.com/en-us/azure/active-directory-b2c/view-audit-logs) when a user "logged in" with a persistent KMSI cookie?

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,631 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,301 Reputation points
    2021-07-02T09:40:48.837+00:00

    Hi @Ferenc Szabó · Thank you for reaching out.

    As of now, sign-ins via KMSI persistent cookies are not logged. Currently, sign-in Activity logs capture either interactive sign-ins or non-interactive sign-ins, which doesn't include sign-in via KMSI cookie. Some examples of non-interactive sign-ins are:

    • A client app uses an OAuth 2.0 refresh token to get an access token.
    • A client uses an OAuth 2.0 authorization code to get an access token and refresh token.
    • A user performs single sign-on (SSO) to a web or Windows app on an Azure AD joined PC.
    • A user signs in to a second Microsoft Office app while they have a session on a mobile device using FOCI (Family of Client IDs).

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful