A couple of months ago the Azure AD team announced the public preview of the Azure AD Admin Experience in the new portal, and since then we’ve got some new improvements. So on the 8th of November, they announced new auditing features to the preview.
Let’s logon now to the new Azure AD portal and check the new view of all audit logs and sign-ins:
By clicking on the Sign-Ins section, you can get a list of all the sign-ins performed by all users, and you also get a detailed log about the applications that were used:
Now we have the ability to filter that information, using a variety of filters:
The Overview blade will give you information related to the applications that your users were using,
And if you check the Users and Groups section, you can see information related to that sign-in activity:
Now let’s check the audit logs, where you can see detailed logging about the entire activity of the users, along with the ability to search for a specific user’s events:
You can get similar results if you click on the Audit logs section in the Enterprise Applications blade:
The Azure AD team offers the ability to access all this data programmatically through a set of APIs, more information on this you can find here: https://blogs.technet.microsoft.com/enterprisemobility/2016/11/08/azuread-weve-just-turned-on-detailed-auditing-and-sign-in-logs-in-the-new-azure-portal/
Thanks for your time!