Search the Petri IT Knowledgebase
search icon

close

Don't miss out on our next GET-IT conference about Virtual Desktop Infrastructure!

Register Now!
Icon for On-demand Conference

On-demand Conference

Virtual Desktop Infrastructure 1-Day Virtual Conference

Icon for New E-Book

New E-Book

Microsoft Teams Backup

Icon for Latest Whitepaper

Latest Whitepaper

7 Critical Reasons for Microsoft 365 Backup

Icon for New E-Book

New E-Book

4 Strategies for Cloud Storage Optimization

Home

Active Directory

Cloud Computing

Security

Introduction to Azure Active Directory Auditing

Russell Smith

 |

May 16, 2017

In today’s Ask the Admin, I will provide a brief overview of Azure Active Directory (Azure AD) auditing in the new administration portal.

 

 

Microsoft has gradually been moving Azure features to the new admin portal. One of the latest is Azure AD, which until last year, had to be managed using the classical web management portal or PowerShell. In November 2016, Microsoft added detailed audit logs to the portal for those with Azure Premium AD or Enterprise Mobility Suite subscriptions. If you are not signed up for one of these plans, you can get a free 30-day trial of Azure Premium AD.

View Audit Logs in Azure AD

To view the log information for your tenant, you will need to log into Azure with an administrator account. Azure AD can be accessed by clicking the hamburger menu on the left of the portal and selecting Azure AD from the list of options. If you do not see it, click More services > at the bottom and search for Azure Active Directory.

Once you have opened the Azure AD panel, scroll down to ACTIVITY. You will see two options, Sign-ins and Audit logs. Audit logs will show all available logs. If you are interested in user login information, then click Sign-ins. Audit logs and Sign-ins provide customized views of the available log data.

Audit log search in Azure AD (Image Credit: Russell Smith)

Audit Log Search in Azure AD (Image Credit: Russell Smith)

If you need more than sign-in data, Audit logs provide a rich search and filtering experience. Sign-in data is also included as part of audit logs. Both views allow you to search based on time period, user, event category, and other criteria. The search results can be filtered based on data, time, and the actor’s user principal name (UPN).

Rich search and filter experience in Azure AD auditing (Image Credit: Russell Smith)

Rich Search and Filter Experience in Azure AD Auditing (Image Credit: Russell Smith)

There are also contextual audit and sign-in logs built into the portal, so you do not necessarily need to come to Sign-ins and Audit logs. For example, the User Management blade provides access to pre-filtered sign-in data. This shows user sign-in trends for the past month. If you are in the Enterprise applications panel, you will see information about the top three apps in your organization.

Contextual audit information in Azure AD (Image Credit: Microsoft)

Contextual Audit Information in Azure AD (Image Credit: Microsoft)

In this article, I provided an overview of the auditing features available in Azure Active Directory.

More from Russell Smith

Security

Petri Dish: Cybersecurity vs IT Security with Devolutions

Windows 11 Hardware Requirements Enable New Features Like Smart App Control
Datacenter networking servers

5 Reasons Getting Certified Now Will Protect Your Career in a Recession

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Security

Security

Petri Dish: Cybersecurity vs IT Security with Devolutions

Sep 28, 2022 | Russell Smith

Security

Stop MFA Fatigue with Additional Context and Number Matching for Microsoft Authenticator

Sep 22, 2022 | Rabia Noureen

Researchers Warn About New Shikitega Malware Targeting Linux Endpoints and IoT Devices

Sep 12, 2022 | Rabia Noureen

Security

LastPass Confirms Internal Source Code Compromised in Security Breach

Aug 26, 2022 | Rabia Noureen

Security

Avast Gets New Ransomware Shield to Protect Small Businesses

Aug 24, 2022 | Rabia Noureen

Mandiant Warns Hackers Now Use New Trick to Bypass MFA

Aug 22, 2022 | Rabia Noureen

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use