How can we improve Azure Active Directory?

← Azure Active Directory

Make SPN (non-interactive) login events logged and available

Currently in Azure AD when using SPN (non-interactive) logins via code (.Net, Powershell, etc.) for automated processes (server to server communication/API) that interact with Azure, there is no event in Azure AD logs to show that this login has occurred. Please make this exposed in the logs in the same fashion that an interactive user login is logged. This is not only beneficial for troubleshooting, but more importantly from a security, compliance, and risk audit trail standpoint.

67 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Steven Grinker shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

10 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    I just came across this. and was sad to see its so old.
    I just changed my EWS app to use an SPN for login with OAuth instead of basic as per microsoft recommendations.
    Not sure if it is all secure though as I cant audit the login.
    The only way I think it may have worked is beacuse I turned off Legacy auth.

    Not great security auditing microsoft.

  • Jim Smith commented  ·   ·  Flag as inappropriate

    Any update on the progress of this? We are in the process of implementing OAuth via Azure AD in our web api and the visibility of sign-in information is crucial.

  • Jon Webster commented  ·   ·  Flag as inappropriate

    Vendor claims their product didn't make changes to our environment, but we have evidence the enterprise application used only by them made the change. There is no way to prove what happened without this capability.

  • Steven Grinker commented  ·   ·  Flag as inappropriate

    Any updates since Dec 1, 2017 on this? Shouldn't this have been marked as "Under Review" based on that comment?

  • Edmund C Soyza commented  ·   ·  Flag as inappropriate

    Hello, was just wondering if there has been any new developments on this? I actually opened a case with Microsoft to inquire how to get this info myself before I found this page.

  • JH commented  ·   ·  Flag as inappropriate

    Any update on this? Having no login information is especially problematic for SPN logins since no conditional access can be applied to them.

Azure Active Directory: Reporting

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice