AADServicePrincipalSignInLogs determine target resource (not just its type)

Occasional Contributor



I'm working on the AADServicePrincipalSignInLogs table and can't find a way to get the actual resource a given Service Principal signed into. According to https://docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/aadserviceprincipalsigninlogs there's a ResourceIdentity column but that seams to reference a default ID (I guess Key Vault is registered across all Azure tenants with the same ID). There's also ResourceServicePrincipalId (description: Service Principal Id of the resource)  but for me it is empty. All I can deduct from the log is the type of the target resource:


How can I deterimne whether the target resource changed, a new was added etc. ? Am I  missing something ?


thanks !

0 Replies