Overview

Comprehensive authentication logs from Azure Active Directory capturing user sign-in events, multi-factor authentication, conditional access policy evaluation, and device compliance status. Essential for security monitoring and compliance reporting.

When Generated:
  • Every time a user signs into any Azure AD-connected application
  • During multi-factor authentication challenges
  • When conditional access policies are evaluated
  • During password changes and user registration events
  • For both interactive and non-interactive authentication
Security Relevance: High
Compliance: SOC 2, GDPR, HIPAA, PCI DSS, NIST Cybersecurity Framework, ISO 27001, FedRAMP
Frequency Notes: Very high frequency in enterprise environments (1200+ events/hour baseline). Peak activity during business hours with 3x multiplier. Reduced activity nights/weekends but never zero due to automated services and global workforce.

Generation Configuration

Base Frequency: 1200 events/hour
Time Patterns: business_hours, night_hours, weekend
Business Hours Multiplier: 3.0x
Night Hours Multiplier: 0.3x
Weekend Multiplier: 0.5x