Forum Discussion
Exporting Azure AD Sign-In Logs to Log Analytics
Have they shown up yet? It can take 15 mins+: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics
CliveWatson thanks for the reply and understood. I left the config in place for several hours and no sign-in data has been exported.
I have a separate AAD tenant that I was able to get this working on, and this left me wondering whether this was a license issue. In the tenant I had tried (initially), I have several hundred users. I activated an AAD Premium license and applied it to those I was seeking to export sign-in data on, but this didn't work. This has left me wondering if (potentially all?) users need to be licensed for AAD Premium? Or will a subset work? Fairly confident this is where the issue lies, but haven't been able to get any clarity on the licensing piece.
- CliveWatson, Jul 20, 2020, Former Employee
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
If you want to access the sign-in data using an API, your tenant must have an Azure Active Directory Premium license associated with it.
I suspect, like you do, it needs to be all users in the tenant - sorry, maybe someone else knows for sure.
- Darren Roback, Jul 20, 2020, Copper Contributor
Hi CliveWatson
I just spoke with Microsoft support and wanted to share some feedback. The Azure AD tenant needs to be licensed at a premium level, but this license does not need to be assigned to all users in the tenant. Best way to check that you meet the prerequisite is to check from the Azure AD Overview page within the portal.
The other piece here is that the team is aware of a delay in exporting sign-in logs, and that this could result in up to a few days between the time it's configured and the time logs are actually exported. The development team is aware of the issue and is working through an update to address it.
I actually checked the configuration again this morning and now I have log data being streamed. Just didn't give it long enough. 🙂
Cheers!