locked
Azure AD Login Events RRS feed

  • Question

  • Hi there,

    We just starting implementation of AzLog with particular focus on Login Events (non-federated) and Audit events from Azure AD. We were able to get Azure AD Audit events dumped into the JSON folders, however, no login activities are returned.

    Is this expected or am I missing some security / config?

    What we are interested in are the events published over this Url.

         https://graph.windows.net/$tenantdomain/activities/signinEvents?

    I am able to query these with the PS samples provided on the MS site but would prefer if it would be combined into the same logging service of course.

    Any advice?

    Thanks

    Matt

    Wednesday, August 16, 2017 7:08 PM

All replies

  • I believe this feature is applicable to P1 and P2 Azure Ad edition.

    Please check here for more details

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-api-sign-in-activity-reference

    You can use graph explorer to quickly verify the results

     

    Thanks

    Wednesday, August 16, 2017 7:39 PM
  • Hi

    Thanks, yes we are able to query the activity log this way but..  my question was, why does the Azure Log Integration service not perform this collection for us?  It is only collecting audit information from what I can see.

    Basically, we are trying to avoid any custom scripting for log collection.

    Thanks

    Matt


    Matt Holland

    Thursday, August 17, 2017 8:26 AM
  • Hi, Matt. What did you end up doing with this? How did you end up capturing login logs?

    Brian Laws (Sr. Principal Cloud Computing Engineer, SAIC)

    Tuesday, June 19, 2018 7:58 PM