Azure AD sign-in activity log should record and show sign-ins from service principal
Currently, Azure AD sign-in activity log only shows user activities. Sign-ins from service principal (certificate or client id/key) is not recorded. So it is difficult for customers to know if service principal is maliciously used by certificate or key leak.
Amit Henry commented
is there any update on this issue , are there plans to make sing-ins logs from SP available in near future ?