Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

How to export logs that contain name of Conditional Access policies?

Copper Contributor

Hi!

I created new conditional access (CA) policy and set up it as "Report-Only".

Now, I want to see who is affected by this specific policy.

I exported sign-in logs from Azure, but there is no Column (Field) with CA policy name. I can see only CA status (Success, Failure, Not applied), but I don't see what specific policy worked out.


How can I see to which users applied the specific CA policy?

3 Replies

Hi @xStevex,

 

You can connect your Azure AD to a Log Analytics Workspace. After the connection is established, you can go to the Azure AD Portal --> All Services --> Azure AD Conditional Access --> Insights and Reporting, here you can see the reports in detail. 

 

If you have any questions, please let me know.

 

Regards,

Tiennes

@TiennesHi!

Thanks!

There is any other possibility to get those data?

I don't have Log Analytics Workspace now and I must configure it. I'm not sure if it is an easy process. Perhaps I need to invite another team to this.

Hi @xStevex,

 

In my opinion, the Log Analytics Workspace is your best shot. It's easy to set up and very convenient for doing an in-depth analysis of the outcome of your "Report-Only" Conditional Access Policies.

 

For more information: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-...

 

With Regards,

Tiennes