Conditional Access "Monitoring" only shows admins in Activity Log


We have monitoring set up with Conditional Access App Control. I have onboarded a handful of applications including Office 365 and I can see that my Conditional Access App Control Apps are connected. I have applied a policy to monitor all users. When I check the Activity Log tab I only see users who have a security role listed with logged activity. I see people that are Global Admins, Global Readers, Security Admins but not regular users logged in the Activity Log tab. 

Is the behavior expected? Am I missing the point of monitoring the applications?

2 Replies

Hi @Paul Brock!


Do you mind providing a couple of screenshots of your AAD CA Policy and MCAS CAAC Policy? This isn't typical behavior and should monitor all users for that application. Is your AAD CA policy scoped to a specific group of admins? Also, is your MCAS deployment scoped for Admins for that specific app under Settings -> Scoped Deployment? Lastly, do you have activity privacy implemented?
Thank you!

@Sarahzin Thank you so much. It was scoped by accident.
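
One way to run the first check from the reply above (is the AAD CA policy scoped to specific users, groups or roles?) over an exported policy list. This is an added example, not code from the thread or from Microsoft. It assumes the export follows the Microsoft Graph `conditionalAccessPolicy` shape; the sample policies and placeholder IDs are constructed, and the function name is hypothetical. It does not cover the MCAS Scoped Deployment setting, which lives in the MCAS portal.

```python
import json

# Constructed sample shaped like GET /identity/conditionalAccess/policies.
# Display names and role IDs are placeholders, not values from the thread.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "CAAC monitor O365 (constructed)", "state": "enabled",
   "conditions": {"users": {"includeUsers": [], "includeGroups": [],
                            "includeRoles": ["<role-template-id-1>",
                                             "<role-template-id-2>"]}},
   "sessionControls": {"cloudAppSecurity":
       {"isEnabled": true, "cloudAppSecurityType": "monitorOnly"}}},
  {"displayName": "CAAC monitor all users (constructed)", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"],
                            "includeGroups": [], "includeRoles": []}},
   "sessionControls": {"cloudAppSecurity":
       {"isEnabled": true, "cloudAppSecurityType": "monitorOnly"}}},
  {"displayName": "Require MFA (constructed)", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"]}},
   "sessionControls": null}
]}
""")

SCOPE_KEYS = ("includeUsers", "includeGroups", "includeRoles")


def narrowly_scoped_caac_policies(export):
    """Return (name, reason) for every enabled policy that sends sessions to
    Conditional Access App Control without including all users."""
    findings = []
    for policy in export.get("value", []):
        session = policy.get("sessionControls") or {}
        cas = session.get("cloudAppSecurity") or {}
        # Only enforced policies that actually apply the app control session.
        if policy.get("state") != "enabled" or not cas.get("isEnabled"):
            continue
        users = (policy.get("conditions") or {}).get("users") or {}
        if "All" in (users.get("includeUsers") or []):
            continue  # every user is in scope, so monitoring is not limited
        used = [key for key in SCOPE_KEYS if users.get(key)]
        reason = ("scoped by " + ", ".join(used)) if used else "no users included"
        findings.append((policy["displayName"], reason))
    return findings


if __name__ == "__main__":
    for name, reason in narrowly_scoped_caac_policies(SAMPLE_EXPORT):
        print(f"{name}: {reason}")
```

A policy flagged as `scoped by includeRoles` would only route holders of those directory roles through the proxy, which matches an Activity Log that shows admins and no regular users.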