Need to know who’s logging in to your cloud directory or Office 365? With this tip, I’ll show you where to find information about user sign in activity in the Azure management portal.
Until recently, there was no single log view for sign in information in the Azure Active Directory (AAD). That changed in November 2016, when Microsoft added detailed auditing to the AAD admin experience preview in the new Azure management portal, providing a convenient one-stop shop where all audit data is available in one place. Contextual audit features also offer access to audit logs relevant to the task you’re performing. For example, you can quickly view audit logs for the sign in activity of a specific user without leaving the user management panel.
There’s a catch, however: an Azure Premium AD or Enterprise Mobility Suite subscription is required to access the logs. If you don’t have an Azure Premium AD subscription, you can get a free 30-day trial here.
To follow the instructions below, you’ll need to have at least one directory set up in your Azure subscription. If you use Office 365, you already have an Azure AD directory associated with your Office 365 tenant. Simply log in to the Azure management portal, using the link in the instructions below, and enter credentials for an Office 365 tenant administrator.
- Sign in to the new Azure management portal here with an account that has administrator access to AAD
- In the list of options on the left of the portal, click Azure Active Directory
- In the Azure Active Directory PREVIEW panel, scroll down the list of options on the left and click Sign-ins under ACTIVITY
- In the Filter Sign-In Events panel, leave the default settings, and click Update
Note one month is the maximum timeframe that can be displayed at any one time.
- A list of sign in events will appear on the left
- Click on one of the events to see more information
- On the Activity Details: Sign-ins panel, you’ll see information about the login, including username, application, location, and IP address
- Close the Activity Details: Sign-ins
- On the Azure Active Directory – PREVIEW panel, click Download to download a .csv file of the sign in activity
- You can also customize the columns displayed and search the filtered events
Some other entry points to sign in activity logs are available in the management portal:
- Click Users and groups on the Azure Active Directory – PREVIEW
- Now click Overview, where you get a graph showing user sign ins. Clicking on the graph shows a list of sign in events for any given day
- Click All users under MANAGE to display a graph with sign in activity for selected users
To view the audit information across all available resources, click Audit logs under ACTIVITY. You can also get audit data for specific apps by clicking Enterprise apps on the Azure Active Directory – PREVIEW panel, and then use the graph to drill down for filtered event information.
