AADServicePrincipalSignInLogs determine target resource (not just its type)

All,

 

I'm working on the AADServicePrincipalSignInLogs table and can't find a way to get the actual resource a given Service Principal signed into. According to https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/aadserviceprincipalsigninlogs there's a ResourceIdentity column, but that seems to reference a default ID (I guess Key Vault is registered across all Azure tenants with the same ID). There's also ResourceServicePrincipalId (description: Service Principal Id of the resource), but for me it is empty. All I can deduce from the log is the type of the target resource:

[Screenshot: adampra86_0-1658937539244.png]

How can I determine whether the target resource changed, a new one was added, etc.? Am I missing something?

 

Thanks!

0 Replies