cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SignInLogs are not showing in Log Analytics / Azure Monitor

Ben Owens
Brass Contributor

‎Sep 21 2020 08:44 AM - last edited on ‎Jan 14 2022 04:29 PM by

‎Sep 21 2020 08:44 AM - last edited on ‎Jan 14 2022 04:29 PM by

SignInLogs are not showing in Log Analytics / Azure Monitor

I have followed the steps to create an Log Analytics workspace, and configured the Diagnostic Settings in Azure AD to send the SignInLogs and AuditLogs to LogAnalytics.

However, I cannot see the SignInLogs; I only see events from AuditLogs available in Log Analytics.

 

I believe I have met the prerequisites on licensing by means of a trial of Azure AD Premium P2 license.

 

Does anybody know why it's only sending out the AuditLogs and not the SignInLogs to Log Analytics?

Preview file
50 KB
Preview file
22 KB
15.9K Views
2 Likes
27 Replies
Reply
27 Replies
ibnmbodji

‎Feb 17 2021 12:30 PM

‎Feb 17 2021 12:30 PM

Re: SignInLogs are not showing in Log Analytics / Azure Monitor

@toggenjm 

Hi Yes you're right only Audit logs are sent to log analytics when you don't have P1 License.

 
1 Like
Reply
ibnmbodji

‎Feb 17 2021 12:35 PM

‎Feb 17 2021 12:35 PM

Re: SignInLogs are not showing in Log Analytics / Azure Monitor

@Ben Owens 

 

Hi yes  it seems that even if you can configure it and send it to log analytics you need P1 license  to query and export data settings . I thought that  i can because of this : 

How long does Azure AD store the data?

Activity reports

HOW LONG DOES AZURE AD STORE THE DATA?Report Azure AD Free Azure AD Premium P1 Azure AD Premium P2
Audit logs7 days30 days30 days
Sign-ins7 days30 days30 days
Azure AD MFA usage30 days30 days30 days
1 Like
Reply
Sergg

‎Mar 24 2021 04:33 AM

‎Mar 24 2021 04:33 AM

Re: SignInLogs are not showing in Log Analytics / Azure Monitor

Hello, I got the same issue in my purpose built demo tenant - all the eval licenses present, everything is configured, EMS E5 (Eval), Azure (Free Eval with credit), AAD is P2 (eval) but SignIn logs are not showing in Log Analytics Workspace. What is the final take on this? It is about 12 hours since config applied. How to get this flushed?
0 Likes
Reply
Ben Owens

‎Mar 26 2021 02:24 PM

‎Mar 26 2021 02:24 PM

Re: SignInLogs are not showing in Log Analytics / Azure Monitor

You note that your using eval licenses. Along with your eval licenses, I personally think you should buy just one Azure AD Premium 1 license to help get things outputting to Log Analytics more quickly.

If be interested to know if that speeds things along.
0 Likes
Reply
Kalimanne J

‎Aug 29 2021 07:43 PM - edited ‎Aug 29 2021 07:47 PM

‎Aug 29 2021 07:43 PM - edited ‎Aug 29 2021 07:47 PM

Re: SignInLogs are not showing in Log Analytics / Azure Monitor

@Ben Owens  @Sergg I am also missing sign-in logs even after waiting 24 hours.

Are evaluation trial licensing not supposed to be full featured or is it a bug that Microsoft needs to fix?

Are there some extra steps required to test setting up email alerts for sign-in activity (breakglass account etc.) when using P1/P2 trial licensing?

Screen Shot 2021-08-29 at 7.33.10 PM.png 

1 Like
Reply
Ben Owens

‎Sep 01 2021 03:06 AM

‎Sep 01 2021 03:06 AM

Re: SignInLogs are not showing in Log Analytics / Azure Monitor

@Kalimanne J in short, I don't know.  It's been a while since my original post.

 

I've enabled LogAnalytics for SignInLogs and AuditLogs today on a developer tenant.

 

Within a few minutes, the AuditLogs show up, populated with some entries.  No SignInLogs showing yet, but I'll let you know how long it takes to show up.

 

For context, I'm enabling this on an M365 Developer Tenant which has 25 M365 E5 licenses assigned, so therefore Azure AD Premium 2 is in place.  I have no purchased licenses.

 

I'm using my MSDN subscription for the LogAnalytics workspace.

0 Likes
Reply
Ben Owens

‎Sep 01 2021 03:17 AM - edited ‎Sep 01 2021 03:18 AM

‎Sep 01 2021 03:17 AM - edited ‎Sep 01 2021 03:18 AM

Re: SignInLogs are not showing in Log Analytics / Azure Monitor

@Kalimanne J I should have waited a few minutes more.

 

I now have the SignInLogs showing as well.  So within 15-20 minutes of setting up the diagnostics, I have both SignInLogs and AuditLogs showing in AzureMonitor/LogAnalytics.

 

Could you purchase 1 Azure AD P1 or Azure AD P2 license for your trial tenant and see whether that kicks things into action on your tenant and results in the SignInLogs being output?

 

Not sure about the context of your work, but if it's testing, then it may be worth spinning up a developer tenant as the licenses run for a longer time and, as proved above, outputs the SignInLogs successfully without having to purchase a license.

0 Likes
Reply
Russell McKee

‎May 06 2022 07:12 AM

‎May 06 2022 07:12 AM

Re: SignInLogs are not showing in Log Analytics / Azure Monitor

@Ben Owens 

I had this in a real tenant with AAD P1. I waited over 1 week. I thought i was going crazy (bad config etc), but all checked out correctly.

I raised a ticket with Microsoft yesterday with the details of the tenant, screenshots etc. Had a call back today saying its all fixed. There was a global issue causing the SignInLogs to not be sent to Log Analytics. He didnt expand on the problem, but informed me Microsoft had a team of engineers looking to fix this for other customers. By the time we then checked our tenant, it was fixed anyway! So worth raising with Microsoft of you have set it up correctly and have the correct licenses etc.

1 Like
Reply