Aug 03 2022 09:02 AM
Hi!
I created new conditional access (CA) policy and set up it as "Report-Only".
Now, I want to see who is affected by this specific policy.
I exported sign-in logs from Azure, but there is no Column (Field) with CA policy name. I can see only CA status (Success, Failure, Not applied), but I don't see what specific policy worked out.
How can I see to which users applied the specific CA policy?
Aug 03 2022 03:24 PM - edited Aug 03 2022 03:25 PM
Hi @xStevex,
You can connect your Azure AD to a Log Analytics Workspace. After the connection is established, you can go to the Azure AD Portal --> All Services --> Azure AD Conditional Access --> Insights and Reporting, here you can see the reports in detail.
If you have any questions, please let me know.
Regards,
Tiennes
Aug 04 2022 12:43 AM
@TiennesHi!
Thanks!
There is any other possibility to get those data?
I don't have Log Analytics Workspace now and I must configure it. I'm not sure if it is an easy process. Perhaps I need to invite another team to this.
Aug 04 2022 01:00 AM - edited Aug 04 2022 01:01 AM
Hi @xStevex,
In my opinion, the Log Analytics Workspace is your best shot. It's easy to set up and very convenient for doing an in-depth analysis of the outcome of your "Report-Only" Conditional Access Policies.
For more information: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-...
With Regards,
Tiennes