Active Directory|Cloud Computing|Security

Introduction to Azure Active Directory Auditing

In today’s Ask the Admin, I will provide a brief overview of Azure Active Directory (Azure AD) auditing in the new administration portal.



Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

Microsoft has gradually been moving Azure features to the new admin portal. One of the latest is Azure AD, which until last year, had to be managed using the classical web management portal or PowerShell. In November 2016, Microsoft added detailed audit logs to the portal for those with Azure Premium AD or Enterprise Mobility Suite subscriptions. If you are not signed up for one of these plans, you can get a free 30-day trial of Azure Premium AD.

View Audit Logs in Azure AD

To view the log information for your tenant, you will need to log into Azure with an administrator account. Azure AD can be accessed by clicking the hamburger menu on the left of the portal and selecting Azure AD from the list of options. If you do not see it, click More services > at the bottom and search for Azure Active Directory.

Once you have opened the Azure AD panel, scroll down to ACTIVITY. You will see two options, Sign-ins and Audit logs. Audit logs will show all available logs. If you are interested in user login information, then click Sign-ins. Audit logs and Sign-ins provide customized views of the available log data.

Audit log search in Azure AD (Image Credit: Russell Smith)
Audit Log Search in Azure AD (Image Credit: Russell Smith)

If you need more than sign-in data, Audit logs provide a rich search and filtering experience. Sign-in data is also included as part of audit logs. Both views allow you to search based on time period, user, event category, and other criteria. The search results can be filtered based on data, time, and the actor’s user principal name (UPN).

Rich search and filter experience in Azure AD auditing (Image Credit: Russell Smith)
Rich Search and Filter Experience in Azure AD Auditing (Image Credit: Russell Smith)

There are also contextual audit and sign-in logs built into the portal, so you do not necessarily need to come to Sign-ins and Audit logs. For example, the User Management blade provides access to pre-filtered sign-in data. This shows user sign-in trends for the past month. If you are in the Enterprise applications panel, you will see information about the top three apps in your organization.

Contextual audit information in Azure AD (Image Credit: Microsoft)
Contextual Audit Information in Azure AD (Image Credit: Microsoft)

In this article, I provided an overview of the auditing features available in Azure Active Directory.


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: