Active Directory|Cloud Computing|Security

Introduction to Azure Active Directory Auditing

In today’s Ask the Admin, I will provide a brief overview of Azure Active Directory (Azure AD) auditing in the new administration portal.



Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

Microsoft has gradually been moving Azure features to the new admin portal. One of the latest is Azure AD, which until last year, had to be managed using the classical web management portal or PowerShell. In November 2016, Microsoft added detailed audit logs to the portal for those with Azure Premium AD or Enterprise Mobility Suite subscriptions. If you are not signed up for one of these plans, you can get a free 30-day trial of Azure Premium AD.

View Audit Logs in Azure AD

To view the log information for your tenant, you will need to log into Azure with an administrator account. Azure AD can be accessed by clicking the hamburger menu on the left of the portal and selecting Azure AD from the list of options. If you do not see it, click More services > at the bottom and search for Azure Active Directory.

Once you have opened the Azure AD panel, scroll down to ACTIVITY. You will see two options, Sign-ins and Audit logs. Audit logs will show all available logs. If you are interested in user login information, then click Sign-ins. Audit logs and Sign-ins provide customized views of the available log data.

Audit log search in Azure AD (Image Credit: Russell Smith)
Audit Log Search in Azure AD (Image Credit: Russell Smith)

If you need more than sign-in data, Audit logs provide a rich search and filtering experience. Sign-in data is also included as part of audit logs. Both views allow you to search based on time period, user, event category, and other criteria. The search results can be filtered based on data, time, and the actor’s user principal name (UPN).

Rich search and filter experience in Azure AD auditing (Image Credit: Russell Smith)
Rich Search and Filter Experience in Azure AD Auditing (Image Credit: Russell Smith)

There are also contextual audit and sign-in logs built into the portal, so you do not necessarily need to come to Sign-ins and Audit logs. For example, the User Management blade provides access to pre-filtered sign-in data. This shows user sign-in trends for the past month. If you are in the Enterprise applications panel, you will see information about the top three apps in your organization.

Contextual audit information in Azure AD (Image Credit: Microsoft)
Contextual Audit Information in Azure AD (Image Credit: Microsoft)

In this article, I provided an overview of the auditing features available in Azure Active Directory.


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.

Download this eBook!

External Sharing and Guest User Access in Microsoft 365 and Teams

his eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure. The eBook will also outline some of the major decision points across four general-purpose guest access policy scenarios for how an organization can set this up with standard licensing.

Download Now

Sponsored By