I wanted to query the service health metrics of Entra ID in ALA. I used SigninLogs and AuditLogs but couldn’t find the correct query in ALA that will show the same monitoring metrics as the dashboard in Entra Service Health (like token requests per second, top application visits, bad password or risk IP).

Asked Jan 31 at 3:21 by Matapang Ako; edited Feb 10 at 9:50 by Jahnavi.
  • Are you still facing the issue? – Jahnavi, commented Feb 10 at 9:13

1 Answer

To query the service health metrics of Entra ID in a Log Analytics workspace, you first need to configure the diagnostic settings as detailed in the MS Doc, selecting audit logs and sign-in logs.

I used SigninLogs and AuditLogs but couldn’t find correct query in ALA:

You can check here for KQL query samples related to signin logs table in multiple scenarios.

For example, if you want to check for invalid or bad password applications logs, you can query it in the below way.

SigninLogs
| where ResultType == "50126"

Here 50126 is the sign-in error code for an invalid username or password, as detailed in the given blog.

Then summarize the count of attempts by the TimeGenerated field.

| summarize invalidpwdattempts = count() by bin(TimeGenerated, 24h)

You can check the below query for retrieving the Top Applicant sign-ins:

SigninLogs
| summarize topsignins = count() by AppDisplayName

After summarizing, you can get the required number of sign ins top applicants by display name or application ID.

| order by topsignins desc
| take 5

Also refer to this for a few more sign-in log query samples applied in different use case scenarios.
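Building on the bad-password query in the answer, the following added example (not part of the original answer) groups 50126 failures by source IP address to surface addresses that fail against many different accounts, which covers the "bad password or risk IP" part of the question. The SampleSignins table, its rows and the two thresholds are constructed assumptions; IPAddress and UserPrincipalName are standard SigninLogs columns.

```kql
// Constructed sample rows standing in for SigninLogs (documentation IP ranges,
// made-up users). Replace SampleSignins with SigninLogs in a real workspace.
let SampleSignins = datatable(TimeGenerated:datetime, ResultType:string,
                              AppDisplayName:string, IPAddress:string,
                              UserPrincipalName:string)
[
    datetime(2025-02-01 08:00:05), "50126", "Azure Portal",        "198.51.100.7", "alice@contoso.example",
    datetime(2025-02-01 08:00:40), "0",     "Azure Portal",        "198.51.100.7", "alice@contoso.example",
    datetime(2025-02-01 08:10:01), "50126", "Office 365 Exchange", "203.0.113.50", "alice@contoso.example",
    datetime(2025-02-01 08:10:03), "50126", "Office 365 Exchange", "203.0.113.50", "bob@contoso.example",
    datetime(2025-02-01 08:10:06), "50126", "Office 365 Exchange", "203.0.113.50", "carol@contoso.example",
    datetime(2025-02-01 08:10:09), "50126", "Azure Portal",        "203.0.113.50", "dave@contoso.example",
    datetime(2025-02-01 09:30:00), "0",     "Microsoft Teams",     "198.51.100.9", "bob@contoso.example"
];
// Assumed thresholds; tune them to the normal failure rate of your tenant.
let minFailures = 3;   // bad-password attempts per IP per hour
let minUsers    = 3;   // distinct accounts targeted per IP per hour
SampleSignins
| where ResultType == "50126"                     // invalid username or password
| summarize failures      = count(),
            targetedUsers = dcount(UserPrincipalName),
            apps          = make_set(AppDisplayName),
            firstSeen     = min(TimeGenerated),
            lastSeen      = max(TimeGenerated)
    by IPAddress, bin(TimeGenerated, 1h)
// One user mistyping a password stays below both thresholds;
// one address failing against many accounts does not.
| where failures >= minFailures and targetedUsers >= minUsers
| order by failures desc
```

SigninLogs records sign-in events rather than every token request, so counts derived from it approximate the Service Health dashboard figures and will not match them exactly.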

Article tags: azure; Entra ID connect service health metrics to ALA (Stack Overflow)