You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With Microsoft Graph, you can programmatically accesss identity and access reports to monitor and troubleshoot all activities in your tenant. In addition, you can analyze these logs with Azure Monitor logs and Log Analytics, or stream to third-party SIEM tools for further investigations.
17
+
With Microsoft Graph, you can programmatically access identity and access reports to monitor and troubleshoot all activities in your tenant. In addition, you can analyze these logs with Azure Monitor logs and Log Analytics, or stream to third-party SIEM tools for further investigations.
18
18
19
19
The availability of all Microsoft Entra identity and access reports is governed by the [Microsoft Entra data retention policies](/entra/identity/monitoring-health/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
20
20
21
+
Fore more information about identity and access reports, see [Microsoft Entra monitoring and health](/entra/identity/monitoring-health).
22
+
21
23
## Available reports
22
24
23
25
### Application activity reports
@@ -26,15 +28,15 @@ The availability of all Microsoft Entra identity and access reports is governed
26
28
27
29
The AD FS application activity report provides information about how a relying party is configured with Active Directory Federation Services (AD FS), its aggregated usage, and whether the relying party configuration can be migrated to Microsoft Entra ID. For more information, see the [relyingPartyDetailedSummary](/graph/api/resources/applicationsigninsummary) resource.
This report is available through the [appCredentialSignInActivity resource type](/graph/api/resources/appcredentialsigninactivity) and details the usage of an app credential (secret, certificate, or federated identity credential) in your tenant.
32
34
33
-
#### Service principal signin activity (preview)
35
+
#### Service principal sign-in activity (preview)
34
36
35
-
This report is available through the [servicePrincipalSignInActivity resource type](/graph/api/resources/serviceprincipalsigninactivity) and details the sign-in activity for a service principal in your tenant. The sign-in activity can be delegated or application-only scenarios. For application-only scenarios, the [application credential activity](#application-credential-activity-preview) provides additional information on the credential usage.
37
+
This report is available through the [servicePrincipalSignInActivity resource type](/graph/api/resources/serviceprincipalsigninactivity) and details the sign-in activity for a service principal in your tenant. The sign-in activity can be delegated or application-only scenarios. For application-only scenarios, the [application credential activity](#application-credential-sign-in-activity-preview) provides additional information on the credential usage.
36
38
37
-
#### Application sign-in
39
+
#### Application sign-in (preview)
38
40
39
41
Evaluate the usage of application sign-ins in your tenant using either [a summary report](../resources/applicationsigninsummary.md) or [a report that provides details of sign-ins](../resources/applicationsignindetailedsummary.md), such as the number of sign-ins and whether any errors occurred during sign-in.
40
42
@@ -44,21 +46,25 @@ In Microsoft Entra External ID for external tenants where you have registered ap
44
46
45
47
### Health reports (preview)
46
48
47
-
- Monitor [Microsoft Entra availability and SLA compliance](../api/azureadauthentication-get.md). This report is available on the Microsoft Entra portal through **Monitoring and health** tab group > **Health** > **SLA attainment**
49
+
- Monitor [Microsoft Entra availability and SLA compliance](../api/azureadauthentication-get.md). This report is available on the Microsoft Entra admin center through **Monitoring and health** tab group > **Health** > **SLA attainment**
48
50
- Monitor the health of various Microsoft Entra and Microsoft 365 services through the [serviceActivity resource type](../resources/serviceactivity.md) and its associated API operations. For example:
49
-
- Success and failure metrics for important events within your tenant such as MFA sign-in success and failure metrics, and Conditional Access sign-in metrics for managed and compliant devices. These reports are available on the Microsoft Entra portal through **Monitoring and health** tab group > **Health** > **Scenario Monitoring**
51
+
- Success and failure metrics for important events within your tenant such as MFA sign-in success and failure metrics, and Conditional Access sign-in metrics for managed and compliant devices. These reports are available on the Microsoft Entra admin center through **Monitoring and health** tab group > **Health** > **Scenario Monitoring**
50
52
- Health status for Microsoft 365 services including Exchange Online, Teams, and different Microsoft 365 apps like Word, PowerPoint, Visio, and Excel
51
53
- Retrieve signals for different alerts relating to Microsoft Entra services with [Microsoft Entra Health monitoring APIs](../resources/healthmonitoring-overview.md)
52
54
53
-
### Registration and usage
55
+
### Authentication methods registration and usage
54
56
55
-
Authentication methods activity reports provides information on the registration and usage of [authentication methods](../resources/authenticationmethods-overview.md) in your tenant. For example, how many users are registered for an authentication method, how any are capable for MFA or SSPR, and so on. You can determine which authentication methods are more successful for your organization, what types of errors end users are running into, and what campaign you need to run to help your end users adopt the use of SSPR and MFA.
57
+
Authentication methods activity reports provide information on the registration and usage of [authentication methods](../resources/authenticationmethods-overview.md) in your tenant. For example, how many users are registered for an authentication method, how any are capable for MFA or SSPR, and so on. You can determine which authentication methods are more successful for your organization, what types of errors end users are running into, and what campaign you need to run to help your end users adopt the use of SSPR and MFA.
56
58
57
59
For more information, see [authentication method usage APIs](../resources/authenticationmethods-usage-insights-overview.md).
58
60
59
61
### Microsoft Entra audit logs
60
62
61
-
Audit logs are available for sign-ins, activities in the directory, and provisioning. For more information, see [Microsoft Entra audit logs](../resources/azure-ad-auditlog-overview.md).
63
+
Audit logs are available for sign-ins, activities in the directory including those relating to custom security attributes, and provisioning. For more information, see [Microsoft Entra audit logs](../resources/azure-ad-auditlog-overview.md).
64
+
65
+
### Microsoft Entra recommendations (preview)
66
+
67
+
Microsoft Entra recommendations are insights into your tenant state that fall into two categories: best practice recommendations or the Identity Secure Score. Best practice recommendations include detected usage of deprecated or retired features, MFA recommendations, and inactive guests. For more information, see [Microsoft Entra recommendations APIs](../resources/recommendations-api-overview.md)
With Microsoft Graph, you can programmatically accesss identity and access reports to monitor and troubleshoot all activities in your tenant. In addition, you can analyze these logs with Azure Monitor logs and Log Analytics, or stream to third-party SIEM tools for further investigations.
17
+
With Microsoft Graph, you can programmatically access identity and access reports to monitor and troubleshoot all activities in your tenant. In addition, you can analyze these logs with Azure Monitor logs and Log Analytics, or stream to third-party SIEM tools for further investigations.
18
18
19
19
The availability of all Microsoft Entra identity and access reports is governed by the [Microsoft Entra data retention policies](/entra/identity/monitoring-health/reference-reports-data-retention#how-long-does-azure-ad-store-the-data).
20
20
21
+
Fore more information about identity and access reports, see [Microsoft Entra monitoring and health](/entra/identity/monitoring-health).
22
+
21
23
## Available reports
22
24
23
25
### Application activity reports
@@ -28,14 +30,29 @@ The AD FS application activity report provides information about how a relying p
28
30
29
31
#### Authentication methods registration and usage activity
30
32
31
-
Authentication methods activity reports provides information on the registration and usage of [authentication methods](../resources/authenticationmethods-overview.md) in your tenant. For example, how many users are registered for an authentication method, how any are capable for MFA or SSPR, and so on. You can determine which authentication methods are more successful for your organization, what types of errors end users are running into, and what campaign you need to run to help your end users adopt the use of SSPR and MFA.
33
+
Authentication methods activity reports provide information on the registration and usage of [authentication methods](../resources/authenticationmethods-overview.md) in your tenant. For example, how many users are registered for an authentication method, how any are capable for MFA or SSPR, and so on. You can determine which authentication methods are more successful for your organization, what types of errors end users are running into, and what campaign you need to run to help your end users adopt the use of SSPR and MFA.
32
34
33
35
For more information, see [authentication method usage APIs](../resources/authenticationmethods-usage-insights-overview.md).
34
36
35
37
### Microsoft Entra audit logs
36
38
37
39
Audit logs are available for sign-ins, activities in the directory, and provisioning. For more information, see [Microsoft Entra audit logs](../resources/azure-ad-auditlog-overview.md).
38
40
41
+
## Reports in preview only
42
+
43
+
The following reports are available on the `beta` endpoint only:
-[Service principal sign-in activity](/graph/api/resources/serviceprincipalsigninactivity?view=graph-rest-beta&preserve-view=true)
47
+
- Application sign-in reports: [summarized count](/graph/api/resources/applicationsigninsummary?view=graph-rest-beta&preserve-view=true) or [detailed report](/graph/api/resources/applicationsignindetailedsummary?view=graph-rest-beta&preserve-view=true)
48
+
- Application user activity for Microsoft Entra External ID: [daily insights](/graph/api/resources/dailyuserinsightmetricsroot?view=graph-rest-beta&preserve-view=true) and [monthly insights](/graph/api/resources/monthlyuserinsightmetricsroot?view=graph-rest-beta&preserve-view=true)
49
+
- Health reports: [SLA attainment](/graph/api/azureadauthentication-get?view=graph-rest-beta&preserve-view=true), [service activity](/graph/api/resources/serviceactivity?view=graph-rest-beta&preserve-view=true), and [health monitoring](/graph/api/resources/healthmonitoring-overview?view=graph-rest-beta&preserve-view=true)
50
+
- The following authentication methods registration and usage reports
0 commit comments