Forum Discussion
What do sign-in logs to Azure AD Identity Governance - Entitlement Management tell me
BLUF: I'm seeing a few user accounts (members and guests) that are showing up in sign in activity to Azure AD Identity Governance - Entitlement Management...but most other user accounts (members and guests) do not show up with sign-ins against that app, why would I be seeing sign-in logs for that, and what exactly am I seeing?
We have about 50 internal users (members) and 500 external users (guests)...out of those typical sign-ins I mostly see then within the apps that they are utilizing, however there are a few user accounts (members and guests) where I'm seeing sign-in logs specifically to the application name = Azure AD Identity Governance - Entitlement Management. We do have 100+ apps in which we have setup access packages for external users, but I haven't seen any other sign in activity to apps that they haven't been given permission to access, this seemed to have started around first of June 2024. I'm just curious as to what I'm actually seeing when I see a user sign-in log showing up for Application = Azure AD Identity Governance - Entitlement Management.
1 Reply
Sign-in logs associated with Azure AD Identity Governance – Entitlement Management do not represent users accessing standard applications such as Outlook or Teams. Rather, they capture authentication events related to access package and entitlement workflows within Microsoft Entra ID (formerly Azure AD). These entries typically occur when a user, whether internal or external, interacts with entitlement management processes, such as submitting an access request, redeeming an invitation, or undergoing evaluation for an assignment. Consequently, only those users actively engaging with access packages or lifecycle events will generate sign-in activity against this application.
