Make SPN (non-interactive) login events logged and available
Currently in Azure AD, when using SPN (non-interactive) logins via code (.Net, PowerShell, etc.) for automated processes (server-to-server communication/API) that interact with Azure, there is no event in the Azure AD logs to show that this login has occurred. Please expose this in the logs in the same fashion that an interactive user login is logged. This is not only beneficial for troubleshooting, but more importantly from a security, compliance, and risk audit trail standpoint.
We are working on this but we don’t have a public ETA to share at this time. We will keep you updated as we get closer.
Jon Webster commented
Vendor claims their product didn't make changes to our environment, but we have evidence the enterprise application used only by them made the change. There is no way to prove what happened without this capability.
Steven Grinker commented
Any updates since Dec 1, 2017 on this? Shouldn't this have been marked as "Under Review" based on that comment?
Any news from Microsoft on this request?
Walsh. Stephen (Enterprise Services) commented
This would be very useful for troubleshooting and auditing
Dhanyah Krishnamoorthy commented
We are looking to add this feature into our Sign-ins Activity logs in the near future. We will keep you posted.
Edmund C Soyza commented
Hello, was just wondering if there has been any new developments on this? I actually opened a case with Microsoft to inquire how to get this info myself before I found this page.
Any update on this? Having no login information is especially problematic for SPN logins since no conditional access can be applied to them.
We have received this feedback and are looking to add this information to our Sign-ins report. I will let you know as soon as I have an update.