Microsoft Entra Gets New Logging Tools for Agent and Service Monitoring
Microsoft strengthens Entra with advanced logging features to improve monitoring, security, and compliance.
Key Takeaways:
- New logging features give IT teams more visibility into agent activities and sign-ins.
- Service-to-service authentication tracking improves transparency across Microsoft apps.
- Enhanced log attributes strengthen monitoring, security, and compliance efforts.
Microsoft has announced a new set of advanced logging capabilities for Entra customers. These updates provide IT teams with deeper insights into agent behavior and sign-in patterns, strengthening both monitoring and security.
Microsoft has recently launched a new Entra Agent ID solution to help administrators track agent identities across platforms like Copilot Studio and Azure AI Foundry. Later this year, Microsoft plans to add support for agents from Security Copilot, Microsoft 365 Copilot, and third-party agents. Microsoft has also introduced new tools that let IT admins filter and monitor agent-specific sign-in events.
“The agentSignIn resource in the MSGraph API and the “is Agent” UX filter in Microsoft Entra let IT admins quickly view details about agents in authentication logs and filter sign-in events to those done by agents only. This brings both clarity and control, making it quicker and easier to monitor agent activity with your organization’s resources,” Microsoft explained.
Microsoft service principal sign-in logs
Microsoft has also introduced new service principal sign-in logs in public preview for commercial customers. This new log stream enables administrators to track token requests between Microsoft services. For instance, when a user opens a Word document inside Microsoft Teams, Teams needs to authenticate itself to Word to access and display the document properly. The new logs give IT teams visibility into how these services authenticate with each other within a tenant.
Enhanced sign-in log attributes for greater visibility
Last but not least, Microsoft has announced new and improved sign-in log attributes to enhance visibility, security, and cross-tenant monitoring within enterprise environments. These include AppOwnerTenantId, ResourceOwnerTenantId, SessionID, SourceAppClientID, Entra TenantID in Log Analytics, UserAgent in Service Principal Sign-In, and Autonomous System Number (ASN) in service principal sign-in logs.
Overall, these new capabilities should help organizations improve transparency, strengthen threat detection, and support compliance and investigation efforts. These updates provide IT teams with richer context and control over identity-related activity across Microsoft services.
Rabia has a master's degree in Software Engineering and she has years of experience writing professionally about Microsoft products and other technologies. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on t...
