Used by the Mail and Calendar app for Windows 10.Ī legacy mail client using POP3 to retrieve email. Shows all sign-in attempts from users using mobile apps and desktop clients.Ī copy of address list collections that are downloaded and used by Outlook. For instructions, see Connect to Exchange Online PowerShell using multi-factor authentication.Ī programming interface that's used by Outlook, Outlook for Mac, and third-party apps.Ī legacy mail client using IMAP to retrieve email. If you block basic authentication for Exchange Online PowerShell, you need to use the Exchange Online PowerShell module to connect. Used to connect to Exchange Online with remote PowerShell. Shows all sign-in attempts from users with client apps using Exchange ActiveSync to connect to Exchange Online Shows all sign-in attempts from users using web browsers This filter shows all sign-in attempts where the EAS protocol has been attempted. Used by Outlook and EAS clients to find and connect to mailboxes in Exchange Online. Used by POP and IMAP client's to send email messages. The following table provides the options and descriptions for the Client app filter option.ĭue to privacy commitments, Azure AD does not populate this field to the home tenant in the case of a cross-tenant scenario. Currently, converting IP address to a physical location is a best effort based on traces, registry data, reverse lookups and other information. Mobile providers and VPNs issue IP addresses from central pools that are often far from where the client device is actually used. IP addresses: There's no definitive connection between an IP address and where the computer with that address is physically located.Failure: The sign-in satisfied the user and application condition of at least one CA policy and grant controls are either not satisfied or set to block access.Success: One or more CA policies applied to the user and application (but not necessarily the other conditions) during sign-in.Not applied: No policy applied to the user and application during sign-in.Conditional access: The status of the Conditional Access (CA) policy.Resource: The name of the service used for the sign-in.Status: Options are Success, Failure, and Interrupted.User: The user principal name (UPN) of the user in question.There are several filter options to choose from: Select the Add filters option from the top of the table to get started. Follow the prompts to make the selection you need for the filter. Some filter options prompt you to select more options. For example, you could filter the list to only view sign-ins that occurred in a specific geographic location, from a specific operating system, or from a specific type of credential. Select the columns you want to view and select the Save button at the bottom of the window.įiltering the sign-ins log is a helpful way to quickly find logs that match a specific scenario.Select Columns from the menu at the top of the log.The sign-ins log has a default view, but you can customize the view using over 30 column options. ![]() You can specify what columns to include and filter the data to narrow things down. To more effectively view the sign-ins log, spend a few moments customizing the view for your needs. You can also access the sign-in logs from the following areas of Azure AD: Go to Azure Active Directory > Sign-ins log. Sign in to the Azure portal using the appropriate least privileged role. It will take a couple of days for the data to show up in Graph after you upgrade to a premium license with no data activities before the upgrade. See Getting started with Azure Active Directory Premium to upgrade your Azure Active Directory edition. If you have an Azure Active Directory P1 or P2 license, you can access the sign-in activity report through the Microsoft Graph API. The sign-in activity report is available in all editions of Azure AD. To access the sign-ins log for a tenant, you must have one of the following roles: You can always access your own sign-ins history at. How many users have signed in over a week? You can use the sign-ins log to find answers to questions like:
0 Comments
Leave a Reply. |