![]() ![]() Have there been sign-in attempts with disabled accounts?.Has a password spraying attempt has happened?.Has any brute-force signing attempt happened?.Is any legacy authentication mechanism being used for signing in?.What is the status of conditional access defined?.How many users, apps or services have signed in over a week?.What is the sign-in pattern of a particular user, application or service?.With Sign-ins log, you can answer to some of these questions below: Moreover, proactively, and constantly monitoring the Sign-ins can prevent breaches, alert administrators to malicious attacks and anomalous usage patterns and enable them to reduce their vulnerability by ensuring systems are configured to allow access only to those users and services that need access using up-to-date best practice authentication mechanisms and so on. The Azure AD sign-ins log is an indispensable tool for troubleshooting and investigating security-related incidents in your tenant. In this article I will cover how to proactively monitor and historically audit and report on Azure AD Sign-in logs. In my last article, I covered comprehensive monitoring and auditing of the Audit log to ensure you know what has changed regarding who can access your systems and with what privileges, see: Īzure Sign-ins log helps you to determine who has performed the tasks reported by the Azure Audit log. For example, Information about changes applied to your tenant such as users and group management, updates applied to your tenant’s resources, etc. ![]() The Azure Audit log provides you with access to the history of every task performed in your tenant. How to Monitor Azure AD Sign-ins logs and Detect Attacks ProactivelyĪs the Azure cloud administrator, you need to know who is accessing your cloud resources, how they are access it, what they access, what changed, when they access and from where, etc?Īzure AD (Azure Active Directory) provides answers to above by storing the information in two logs, the information stored in them is extremely valuable for troubleshooting, monitoring and for general security related work, the logs are:
0 Comments
Leave a Reply. |