SOLVED

OAuth activity log in Azure AD

Copper Contributor

I notice the user audit logs in Azure AD do not seem to log OAuth-related activities such as issuing and renewing a token. Is there a way to see that? My end goal is to set up a conditional access for an external app that uses a service account to authenticate against Azure AD, and I need to know where the OAuth-related requests come from. Thank you.

4 Replies
Use the Sign-in logs instead.
Sorry, I meant the Sign-in logs. I don't see any log entries related to non-interactive logins (e.g. from an external app). Only explicit interactive logins are logged. Thanks.
best response confirmed by AZ365 (Copper Contributor)
Solution
And have you checked the other tabs? An alternative approach is to configure an export of the Graph API logs to Sentinel/whatever: https://learn.microsoft.com/en-us/graph/microsoft-graph-activity-logs-overview
Thank you Vasil. The Graph activity logs look promising.
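
An added example, not part of the original thread: once the Graph activity logs from the accepted answer are exported to a Log Analytics workspace (the one behind Sentinel), a query like this lists the source addresses a given app calls Microsoft Graph from. It assumes the standard `MicrosoftGraphActivityLogs` table; the app ID is a placeholder, and the 14-day window is an arbitrary choice. These logs record Graph API requests, not token issuance.

```kusto
// Added example. Replace the placeholder with the application (client) ID
// of the external app; the lookback window is an assumption.
let lookback = 14d;
let targetAppId = "<APP-ID-PLACEHOLDER>";
MicrosoftGraphActivityLogs
| where TimeGenerated > ago(lookback)
| where AppId == targetAppId
// One row per source address and calling identity.
| summarize
    Requests  = count(),
    Failures  = countif(toint(ResponseStatusCode) >= 400),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated),
    UserAgents = make_set(UserAgent, 5)
  by IPAddress, ServicePrincipalId, UserId
| order by Requests desc
```

Addresses with a long `FirstSeen`/`LastSeen` span and steady request counts are the candidates for a named location in the conditional access policy; one-off addresses deserve a look before they are allowed.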