Log user authentications in Azure Active Directory B2C
The logs available in Azure Active Directory, "Audit Logs" and "Sign-in", don't show activity related to consumer authentications. Having a view of consumer logins via the Azure Active Directory or Azure AD B2C sections would be very useful.
All consumer logins including local and social/federated are included in the audit logs.
Is there more information that you are looking for?
Martin Wüthrich commented
As another contributor already suggested:
This affects all User Accounts within an Azure AD. We need to be able to alert if a specific user uses the Azure AD as an identity provider.
If you read the following article of Microsoft carefully:
You will find that Microsoft recommends using specific, cloud-only accounts for the permanent Global Administrator assignment, and that you should avoid Conditional Access on those, to make sure the fallback admins will work if your admin account doesn't.
So with no CA, and maybe also without MFA, we have Global Administrator Accounts with only a Password.
This leads to the fact: we need to be alerted as fast as possible if one of those fallback accounts is used for authentication, because they should not be used until an emergency.
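The alerting need described in the comment above can be sketched as follows. This is an added example, not part of the comment and not Microsoft's tooling. It assumes sign-in records exported one JSON object per line, with field names as in the Microsoft Graph signIn resource; the account names, IP addresses and log lines are constructed.

```python
import json

# Constructed placeholder UPNs for the emergency ("fallback") admin accounts.
BREAK_GLASS_UPNS = {"breakglass1@contoso.example", "breakglass2@contoso.example"}

# Constructed sample export; the last line is deliberately malformed.
SAMPLE_LOG = """\
{"createdDateTime":"2024-01-10T08:01:12Z","userPrincipalName":"alice@contoso.example","ipAddress":"198.51.100.7","appDisplayName":"Azure Portal","status":{"errorCode":0},"conditionalAccessStatus":"success"}
{"createdDateTime":"2024-01-10T08:14:40Z","userPrincipalName":"BreakGlass1@contoso.example","ipAddress":"203.0.113.25","appDisplayName":"Azure Portal","status":{"errorCode":0},"conditionalAccessStatus":"notApplied"}
{"createdDateTime":"2024-01-10T08:15:02Z","userPrincipalName":"breakglass2@contoso.example","ipAddress":"203.0.113.25","appDisplayName":"Azure Portal","status":{"errorCode":50126},"conditionalAccessStatus":"notApplied"}
{"createdDateTime":"2024-01-10T08:16
"""

def find_break_glass_signins(lines, watchlist=BREAK_GLASS_UPNS):
    """Return (alerts, skipped): every sign-in attempt by a watched account,
    successful or not, plus the number of lines that could not be parsed."""
    watch = {u.casefold() for u in watchlist}  # UPNs are case-insensitive
    alerts, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            skipped += 1  # surface gaps instead of hiding them
            continue
        upn = str(rec.get("userPrincipalName", "")).casefold()
        if upn not in watch:
            continue
        code = (rec.get("status") or {}).get("errorCode", 0)
        alerts.append({
            "time": rec.get("createdDateTime"),
            "upn": upn,
            "ip": rec.get("ipAddress"),
            "app": rec.get("appDisplayName"),
            # errorCode 0 means the sign-in succeeded; failed attempts are kept too.
            "outcome": "success" if code == 0 else f"failure({code})",
            "conditional_access": rec.get("conditionalAccessStatus"),
        })
    return alerts, skipped

if __name__ == "__main__":
    found, bad = find_break_glass_signins(SAMPLE_LOG.splitlines())
    for a in found:
        print("ALERT", a)
    print("unparsed lines:", bad)
```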
Stein B commented
We are using Sign in or Sign up policies - mainly because we require a customized logon page. Microsoft's own documentation recommends using Sign in or Sign up policy:
So why can't Sign in or Sign up policy log attempts? Is it a question of choosing custom UI or wanting logging?
Dmitrii Solovev commented
Sign in report doesn't reflect all sign-ins
Robin Vermeirsch commented
Seriously... how can this not be logged and accessed?
Bill Safcik commented
Hello Michael. We do log sign in information currently in B2C if you are using separate Sign in and Signup policies. If you use a combination sign in or signup policy, we currently do not log this information.