Microsoft Tech Community

How to interpret non-interactive user sign-ins?


While investigating the sign-in logs of a specific user I stumbled upon the following entries. The interactive sign-ins all failed because of conditional access policies.

 

Kiril_0-1679656314298.png

 

The non-interactive on the other hand were all successful. How does that make sense, or what does that mean?

 

Kiril_1-1679656404102.png

 

 

8 Replies
The interactive user sign-in is where the user enters a password to gain access to your apps, and here the conditional policy will challenge your user.

The non-interactive user sign-in is where the user, for example, refreshes a page for an app he accessed already, and the conditional access policy was already verified, so there is no need to rechallenge him again and the status showed success.

Since this is a new user, there were no other interactive sign-ins, so this user never had access in the first place. The conditional access policies were never successfully verified.

@Kiril 

Non-interactive user sign-ins are sign-ins that are performed by a client app or an OS component on behalf of a user. These sign-ins don't require any interaction or authentication factor from the user. For example, authentication and authorization using refresh and access tokens that don't require a user to enter credentials.

Below are some examples of when a non-interactive sign-in gets triggered:

• A client app uses an OAuth 2.0 refresh token to get an access token.
• A client uses an OAuth 2.0 authorization code to get an access token and refresh token.
• A user performs single sign-on (SSO) to a web or Windows app on an Azure AD joined PC.
• A user signs in to a second Microsoft Office app while they have a session on a mobile device using FOCI (Family of Client IDs).

Thank you. The documentation https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-all-sign-ins#non... says something similar, but I still can't wrap my head around it. For the specific case I outlined - what does that mean for the Application "Microsoft App Access Panel"?

@Kiril the access panel is when a user navigates to https://myapps.microsoft.com/

 

eliekarkafy_0-1679659221760.png

 

 

 

Thank you, understood. Now, when looking at the logs, was the user able to successfully navigate to that page or not? In the interactive sign-ins the Status is either Failure or Interrupted, while in the non-interactive sign-ins the status is a Success.

@Kiril 

Correct, and that's what's happening with that user. I hope that helped you, and keep me posted for any further assistance.

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.

@eliekarkafy 

 

Correct, and that's what's happening with that user. I hope that helped you, and keep me posted for any further assistance.

Unfortunately not, but thank you very much. My question is still unanswered, that I can't make sense of the "conflicting" statuses in interactive and non-interactive sign-ins.
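
Added example, not part of the original thread or any poster's code: one way to line up the two log views for the case discussed here is to export the sign-in records and, per user, list non-interactive successes that have no earlier successful interactive sign-in in the same export. The record keys follow the Microsoft Graph signIn resource; the users, timestamps and values in `SAMPLE` are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (not from the thread's screenshots). Keys follow the
# Microsoft Graph signIn resource; status.errorCode 0 means success.
SAMPLE = [
    {"createdDateTime": "2023-03-24T09:01:10Z", "userPrincipalName": "new.user@example.com",
     "appDisplayName": "Microsoft App Access Panel", "isInteractive": True,
     "conditionalAccessStatus": "failure", "status": {"errorCode": 53003}},
    {"createdDateTime": "2023-03-24T09:01:12Z", "userPrincipalName": "new.user@example.com",
     "appDisplayName": "Microsoft App Access Panel", "isInteractive": False,
     "conditionalAccessStatus": "notApplied", "status": {"errorCode": 0}},
    {"createdDateTime": "2023-03-24T08:00:00Z", "userPrincipalName": "old.user@example.com",
     "appDisplayName": "Office 365 Exchange Online", "isInteractive": True,
     "conditionalAccessStatus": "success", "status": {"errorCode": 0}},
    {"createdDateTime": "2023-03-24T08:30:00Z", "userPrincipalName": "old.user@example.com",
     "appDisplayName": "Microsoft App Access Panel", "isInteractive": False,
     "conditionalAccessStatus": "success", "status": {"errorCode": 0}},
]


def summarize(signins):
    """Per user: outcome counts for both log views, plus first successes."""
    out = defaultdict(lambda: {"interactive_ok": 0, "interactive_failed": 0,
                               "noninteractive_ok": 0, "noninteractive_failed": 0,
                               "first_interactive_ok": None, "orphans": []})
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for rec in sorted(signins, key=lambda r: r["createdDateTime"]):
        user = out[rec["userPrincipalName"]]
        kind = "interactive" if rec["isInteractive"] else "noninteractive"
        ok = rec["status"]["errorCode"] == 0
        user[f"{kind}_{'ok' if ok else 'failed'}"] += 1
        if ok and rec["isInteractive"] and user["first_interactive_ok"] is None:
            user["first_interactive_ok"] = rec["createdDateTime"]
        # Non-interactive success with no earlier interactive success in the data.
        if ok and not rec["isInteractive"] and user["first_interactive_ok"] is None:
            user["orphans"].append((rec["createdDateTime"], rec["appDisplayName"],
                                    rec["conditionalAccessStatus"]))
    return dict(out)


def users_to_review(signins):
    """Users whose non-interactive successes lack a prior interactive success."""
    return sorted(u for u, s in summarize(signins).items() if s["orphans"])


if __name__ == "__main__":
    for upn, stats in summarize(SAMPLE).items():
        print(upn, stats)
    print("review:", users_to_review(SAMPLE))
```

A user also appears in the review list when their last successful interactive sign-in predates the exported time window, so the export should cover the account's full history where possible.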