Make SPN (non-interactive) login events logged and available
Currently in Azure AD, when using SPN (non-interactive) logins via code (.NET, PowerShell, etc.) for automated processes (server-to-server communication/API) that interact with Azure, there is no event in the Azure AD logs to show that this login has occurred. Please expose this in the logs in the same fashion that an interactive user login is logged. This is not only beneficial for troubleshooting, but more importantly from a security, compliance, and risk audit trail standpoint.
We are working on this but we don’t have a public ETA to share at this time. We will keep you updated as we get closer.
Dhanyah Krishnamoorthy commented
We are looking to add this feature into our Sign-ins Activity logs in the near future. We will keep you posted.
Edmund C Soyza commented
Hello, I was just wondering if there have been any new developments on this? I actually opened a case with Microsoft to inquire how to get this info myself before I found this page.
Yes, and this should be a dashboard widget with email alerts as well.
Any update on this? Having no login information is especially problematic for SPN logins since no conditional access can be applied to them.
We have received this feedback and are looking to add this information to our Sign-ins report. I will let you know as soon as I have an update.
Jon McCabe commented
As a PCI-compliant application, we need to capture logs of when a Service Principal is being used. This would include failed logins, successful logins, password changes, etc. We would then like these logs to go to OMS for reporting and alerting.