Forum Discussion
Sign-in reports - missing events for specific users
Bob
If apps are using Modern Authentication then you'll only see reauthentication events when the token expires, which can be forever ...
As Steven said above, MA greatly reduces the number of sign-in events. I just wanted to add that if you are looking for "when was this user last active" type of report, you should look at the Unified audit log in the SCC, which should give you a lot more events. When it works, that is.
P.S. I wonder how many more years will have to pass until we get a LastLoginDate attribute.
- Alpesh ShindeCopper Contributor
We are facing similar issues. We use SailPoint to automatically disable user identities for on-premises Active Directory. There are VIPs who only use O365 services so they never logon to on-premises AD and their lastlogontimestamp is never updated. We want to build a correlation between Azure AD and on-premises AD so that before a decision is made by SailPoint to disable an account it considers both on-premises lastlogontimestamp and Azure AD sign-in logs. We face same issue as described above and there is no other attribute to refer to in AzureAD which can allow this correlation to happen. So the method we have today is not full proof and has chances to fail if we use sign-in logs as correlation attribute.
- ErickOlaezCopper Contributor
Alpesh Shinde Have you found any solution for the correlation between AD and AAD?
- _Matthias_Brass ContributorAre there any news about a potential LastLoginDate attribute? I'm missing it, too!!!