Azure AD sign-in activity log should record and show sign-ins from service principals
Currently, the Azure AD sign-in activity log only shows user activities. Sign-ins from service principals (certificate or client ID/key) are not recorded. So it is difficult for customers to know if a service principal is being used maliciously through a certificate or key leak.
Berna Wy commented
Service principal and non-interactive events are now available in the Azure AD Sign-ins blade in public preview! You can see the new sign in reports using the Non-interactive user sign ins, Service principal sign ins, and Managed identities sign ins here: https://portal.azure.com/?Microsoft_AAD_IAM_signinstabview=true#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/SignIns
Need this feature
Luke Kraehenbuehl commented
How is this not a feature?
I want to be able to audit the usage of an SP/App registration
Scott Heath commented
I was looking into this as well today as I want to clean up old and unused service principal and app registrations. Being able to see login information would be super helpful.
Amit Henry commented
Is there any update on this issue? Are there plans to make sign-in logs from SPs available in the near future?