OAuth activity log in Azure AD

AZ365 · ‎Dec 12 2023

I notice the user audit logs in Azure AD do not seem to log OAuth-related activities such as issuing and renewing a token. Is there a way to see that? My end goal is to set up a conditional access for an external app that uses a service account to authenticate against Azure AD and I need to know where the OAuth related requests come from. Thank you.

Vasil Michev · ‎Dec 12 2023

Use the Sign-in logs instead.

AZ365 · ‎Dec 13 2023

Sorry I meant the Sign-in logs. I don't see any log entries related to non-interactive logins (e.g. from an external app). Only explicit interactive logins are logged. Thanks.

AZ365 · ‎Dec 13 2023

And have you checked the other tabs? An alternative approach is to configure an export of the Graph API logs to Sentinel/whatever: https://learn.microsoft.com/en-us/graph/microsoft-graph-activity-logs-overview

AZ365 · ‎Dec 18 2023

Thank you Vasil. The Graph activity logs look promising.

AZ365 · ‎Dec 13 2023

And have you checked the other tabs? An alternative approach is to configure an export of the Graph API logs to Sentinel/whatever: https://learn.microsoft.com/en-us/graph/microsoft-graph-activity-logs-overview

View solution in original post

OAuth activity log in Azure AD

OAuth activity log in Azure AD

Re: OAuth activity log in Azure AD

Re: OAuth activity log in Azure AD

Re: OAuth activity log in Azure AD

Re: OAuth activity log in Azure AD

Re: OAuth activity log in Azure AD

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

OAuth activity log in Azure AD