Forum Discussion
Report conditional access policies and sign in logs
I would like to create a PowerShell report about the relation between sign in logs and the conditional access policies. For me it is important to see the effects of the conditional access policies (i...
Why not just use the Conditional Access workbook? https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-insights-reporting
The customer can not use Azure Log Analytic Workspace.
- Well, you can filter the Entra sign-in logs per specific CA policy, something like this:
GET https://graph.microsoft.com/v1.0/auditLogs/signIns?$top=1&$filter=appliedConditionalAccessPolicies/any(c:c/id eq '04fec5ff-fa7e-45e9-bf5e-45a976624422' and c/result eq 'success')
If the policy is in report mode, you have to filter by reportOnlySuccess and also add the Prefer: include-unknown-enum-members header as per: https://learn.microsoft.com/en-us/graph/api/resources/appliedconditionalaccesspolicy?view=graph-rest-1.0