Azure SQLMI with AAD - Universal with MFA - sign in logs - database

We are authenticating SQL MI users with AAD - Universal with MFA and would like to see a log of all sign-ins.
Would this be under AAD/Users/Audit Logs/Sign-ins?
We'd like to see a few months' worth of data.
Thanks

In Azure AD, only 30 days of sign-in logs for users, managed identities or even service principals are available. After 30 days, all the logs, whether audit, activity or sign-in, are flushed out on Azure's end, unless you store the logs every month or every seven days in an Azure storage account or send them to a Log Analytics workspace.
For Azure AD Free edition, sign-in logs are retained only for 7 days. If you upgrade to Azure AD Premium P1 or Azure AD Premium P2, then the sign-in logs of the past 30 days are available.
I created one SQL Server, enabled an Azure AD user and tried signing in with Azure AD Universal MFA via SSMS and with a managed identity, like below:
Assigned the VM's managed identity access to the SQL server:
Sign-in logs of the SQL server:
For managed identity logs, you can visit here:
After clicking on "Try it out", the new Sign-in logs page will appear and you can select "Managed identity" to verify that your managed identity has successfully logged in to the Azure SQL server:
As sign-in logs are only available for 30 days in Azure AD, you can save the logs in a storage account every month by following the steps below:
Click on "Export Data Settings" above the Sign-in logs page, or go to Diagnostic settings > Add diagnostic setting > select the required logs > Archive to a storage account > select your storage account from the Azure AD page, like below:
OR
Now all your sign-in and managed identity logs will be stored and populated in your storage account, like below:
Reference:
How long does Azure AD store reporting data? - Microsoft Entra | Microsoft Learn

Related

AZURE AD Certificate Based Authentication

Is there a way to know, using Advanced Hunting queries (KQL), whether a user logged in using certificate-based authentication?
Do we see this kind of data in AADSignInEventsBeta?
Please follow the steps below to get the certificate-based authentication logs in Azure AD with KQL:
Create a Log Analytics workspace, like below.
Go to Azure Portal > Log Analytics workspaces > Create Log Analytics workspace.
Once the Log Analytics workspace is created, send all Azure AD sign-in logs to it, like below.
Go to **Azure Portal > Azure Active Directory > Diagnostic settings > Add diagnostic setting.**
Check the Azure AD sign-in logs, like below.
Open your Log Analytics workspace > Logs.
Run the KQL query below to get the Azure AD sign-in logs.

```kql
// Entra ID sign-in events streamed into the workspace by the diagnostic setting above
SigninLogs
// keep only authentication events
| where Category == "AuthenticationLogs"
// keep only sign-ins where the certificate method was used
| where Method == "Certificate"
```
Reference:
Analyze activity logs using Azure Monitor logs - Microsoft Entra | Microsoft Learn.
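Once sign-in logs are archived to a storage account (as the first answer on this page recommends), the files can be reviewed well beyond the 30-day portal window. The following Python example is added here and is not code from either answer: it parses a constructed sample in the one-JSON-record-per-line shape of an Azure Monitor storage archive, lists successful Azure SQL sign-ins that satisfied an MFA requirement, and lists sign-ins where a certificate was used as an authentication step. The property names (`userPrincipalName`, `resourceDisplayName`, `authenticationRequirement`, `authenticationDetails`, `status.errorCode`) are modelled on the Entra signIn resource and are an assumption to check against your own exported files.

```python
import json

# Constructed sample: one JSON record per line, as Azure Monitor writes archived logs.
# Property names are assumed from the Entra signIn resource; verify against real exports.
ARCHIVE_LINES = """
{"time": "2023-06-01T08:00:00Z", "category": "SignInLogs", "properties": {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Microsoft SQL Server Management Studio", "resourceDisplayName": "Azure SQL Database", "ipAddress": "203.0.113.10", "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}, "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": true}, {"authenticationMethod": "Mobile app notification", "succeeded": true}]}}
{"time": "2023-06-01T08:05:00Z", "category": "SignInLogs", "properties": {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Microsoft SQL Server Management Studio", "resourceDisplayName": "Azure SQL Database", "ipAddress": "203.0.113.11", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}, "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": true}]}}
{"time": "2023-06-01T09:30:00Z", "category": "SignInLogs", "properties": {"userPrincipalName": "carol@contoso.example", "appDisplayName": "Azure Portal", "resourceDisplayName": "Windows Azure Service Management API", "ipAddress": "203.0.113.12", "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}, "authenticationDetails": [{"authenticationMethod": "X.509 Certificate", "succeeded": true}]}}
{"time": "2023-06-01T10:00:00Z", "category": "SignInLogs", "properties": {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Microsoft SQL Server Management Studio", "resourceDisplayName": "Azure SQL Database", "ipAddress": "198.51.100.7", "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 50126}, "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": false}]}}
"""


def parse_archive(text):
    """Return one dict per non-empty line of an archived log file."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def methods_used(record):
    """Set of authentication methods recorded for a single sign-in."""
    details = record["properties"].get("authenticationDetails", [])
    return {d.get("authenticationMethod", "") for d in details}


def sql_mfa_signins(records):
    """Successful sign-ins to Azure SQL that were subject to an MFA requirement."""
    out = []
    for r in records:
        p = r["properties"]
        if (r.get("category") == "SignInLogs"
                and p.get("resourceDisplayName") == "Azure SQL Database"
                and p.get("status", {}).get("errorCode") == 0
                and p.get("authenticationRequirement") == "multiFactorAuthentication"):
            out.append((r["time"], p["userPrincipalName"], p.get("ipAddress")))
    return out


def certificate_signins(records):
    """Sign-ins where any authentication step used a certificate (CBA)."""
    return [(r["time"], r["properties"]["userPrincipalName"])
            for r in records
            if any("certificate" in m.lower() for m in methods_used(r))]


if __name__ == "__main__":
    recs = parse_archive(ARCHIVE_LINES)
    print("SQL sign-ins with MFA:", sql_mfa_signins(recs))
    print("Certificate-based sign-ins:", certificate_signins(recs))
```

On real exports, read each `PT1H.json` blob from the archive container in place of `ARCHIVE_LINES`; the failed and single-factor records in the sample show that both the result code and the requirement must be checked, not just the resource name.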

How to configure Azure AD SSO to allow guest logins

I have a PHP application that I want Active Directory users to be able to log in to using Azure SSO. Getting this working with simplesamlphp was really easy.
Now I am trying to allow non-organization users to be able to log in as guests.
I updated Azure AD to allow external entities, and then created a workflow allowing AD users, microsoft.com accounts and one-time password. I have enabled "guest self-service signup" and I have associated this user flow with my Azure application; however, the authentication flow hasn't changed at all. There isn't any option for guests to log in. Am I missing something? I am using the Azure AD federation metadata document XML in the simplesaml metadata converter and using the output of that for my metadata provider in simplesaml.
Here is the screen a user gets when trying to sign in to Azure:

Is there any connection between Microsoft Graph API user and WindowsIdentity?

I've logged into Windows 10 using my Office 365 account, and running WindowsIdentity.GetCurrent() gives me AzureAD\LocTrang and a SID.
When I look into ADSI CN=ForeignSecurityPrincipals I can see the SID. But pulling down the users from Office 365 Azure Active Directory, I could not find any correlation between my Office 365 account and what WindowsIdentity has given me.
I know they're not the same, but I need to find the connection between the Office 365 account and my Windows account, which I've logged in to using my Office 365 account.
You need to check the attributes used to match users when AAD Connect is run.
AAD Connect syncs AD users up to Azure AD.
Normally the UPN is used.
You also need to check which attributes are synced up, since if they are not synced, they won't be in Azure AD.

View Azure portal AAD sign-in logs and activity audit logs in 1 single view for multiple subscriptions

When having multiple Azure subscriptions, can we view Azure portal AAD sign-in logs and activity audit logs in 1 single view, instead of per Azure subscription? If yes, how? Thanks a lot!
Both the sign-ins and the audit logs require the limited user roles to access them, and the sign-ins require an Azure AD Premium license. But none of them have any requirement to display their activities per Azure subscription. For this, you could directly see it from the columns in the audit logs and sign-ins.

On prem Active directory synced to Azure AD to allow on prem credentials to login to the portal

We have synced our on-prem Active Directory to our Azure instance's Active Directory using Azure AD Connect (Express install). We can see the users in Azure from our on-prem AD. The sync shows as successful.
Now we would like to use the domain name that we have synced to Azure for user authentication into the Azure portal. The documentation that we have read says this is possible, but we can't get it to work.
When we try to use an existing AD user we get the message "We don't recognize this user ID or password", but if we create a new user in Azure and assign it to our synced AD, we can use it to log in to the Azure portal.
We have searched for a detailed document on on-prem AD synced to Azure AD for portal login and found some documents that we followed, but they did not help.
Can we use our on-prem AD user name and password to allow users to log in to the Azure portal?
Thanks for your help
John
Yes, you can use users in Azure AD with the tag "Sourced from: Local Active Directory" to log in to the Azure portal.
The custom domain should be verified.
Password synchronization should be enabled.
Also, assign co-admin rights for at least one subscription to log in to the Management Portal.