Forum Discussion
Solved
Azure Activity Log missing legacy auth failed attempts or account lockouts for AAD Powershell
In my testing, I am not seeing any logging of failed attempts or account lockouts in the Azure Active Directory Activity Sign-In Logs when the legacy module of Azure Active Directory is used.
Moder...
- Update 12/11/2017 - Microsoft Premier Support said this is working "by design" and will either provide a public facing article that states this and/or will open a "Design Change Request" to log these legacy authentication failure events.
Looking at the tests I did, it definitely does not log every single failed attempt. I did get one additional entry from today, which seems to correspond to the dozen or so attempts I made. And I'm starting to think that you are correct here - I was expecting at least two different types of "applications" reported as I tried both the MSOnline module and (legacy auth) ExO PowerShell, but only one of them is visible - which I guess is the ExO failure, not the MSOnline one. Let us know if you get an official answer please.
Update 12/11/2017 - Microsoft Premier Support said this is working "by design" and will either provide a public facing article that states this and/or will open a "Design Change Request" to log these legacy authentication failure events.
Thanks Joe. I guess the events I'm seeing are ExO PowerShell then, or something else.
And Microsoft, really?!