Jan 28 2019
08:08 AM
- last edited on
Jan 14 2022
05:20 PM
by
TechCommunityAP
Jan 28 2019
08:08 AM
- last edited on
Jan 14 2022
05:20 PM
by
TechCommunityAP
Jan 28 2019 09:01 AM
If apps are using Modern Authentication then you'll only see reauthentication events when the token expires, which can be forever ...
Jan 28 2019 10:13 AM
As Steven said above, MA greatly reduces the number of sign-in events. I just wanted to add that if you are looking for "when was this user last active" type of report, you should look at the Unified audit log in the SCC, which should give you a lot more events. When it works, that is.
P.S. I wonder how many more years will have to pass until we get a LastLoginDate attribute.
Feb 06 2019 04:24 AM
We are facing similar issues. We use SailPoint to automatically disable user identities for on-premises Active Directory. There are VIPs who only use O365 services so they never logon to on-premises AD and their lastlogontimestamp is never updated. We want to build a correlation between Azure AD and on-premises AD so that before a decision is made by SailPoint to disable an account it considers both on-premises lastlogontimestamp and Azure AD sign-in logs. We face same issue as described above and there is no other attribute to refer to in AzureAD which can allow this correlation to happen. So the method we have today is not full proof and has chances to fail if we use sign-in logs as correlation attribute.
Jun 24 2021 12:43 AM
Nov 01 2023 10:23 AM
@Alpesh Shinde Have you found any solution for the correlation between AD and AAD?