Tech Tips - Blog

Windows Azure Active Directory Reports

Windows Azure Active Directory (WAAD) is Microsoft’s cloud-based identity management suite, a REST-based implementation of Active Directory. It is what Office 365 uses to manage user accounts, licenses, groups and authentication. To support unified identity management with traditional on-premises applications, WAAD can also be integrated with Windows Server Active Directory through DirSync or Azure AD Connect (AAD Connect) and the Active Directory Federation Services (ADFS) gateway components.

WAAD contains a series of security and usage reports which administrators should run on a regular basis to ensure that their cloud infrastructure remains safe and secure. Knowledge Vault just released its Azure AD Connector to provide fine-grained reporting on Azure AD.

To access these reports, you need to sign in to the Azure Management Portal as an administrator.

Select Active Directory from the menu and click the directory whose reports you wish to view.

Azure Active Directory Center

Select the REPORTS tab at the top.

Azure Active Directory Reports

Run any of the Azure AD reports available for your tenant.

This Microsoft article explains in detail what each report does and whether it is available for free or with Azure AD Premium only.

In the portal, the reports are categorized in the following ways:

  • Anomaly reports – Contain sign-in events that we found to be anomalous. Our goal is to make you aware of such activity and enable you to be able to make a determination about whether an event is suspicious.
  • Integrated Application report – Provides insights into how cloud applications are being used in your organization. Azure Active Directory offers integration with thousands of cloud applications.
  • Error reports – Indicate errors that may occur when provisioning accounts to external applications.
  • User-specific reports – Display device/sign-in activity data for a specific user.
  • Activity logs – Contain a record of all audited events within the last 24 hours, last 7 days, or last 30 days, as well as group activity changes, and password reset and registration activity.

Below is a snapshot of the table showing the various reports and their description. The full report is available here.

At this time, only the Anomalous Sign In Activity report and the Users with Anomalous Sign In Activity report use the email notification system.

Knowledge Vault has released its Azure AD Connector, offering fine-grained reports and alerting capabilities along with long-term retention of your Azure AD audit data. Knowledge Vault reports can be automatically delivered to your management or to your customers.

To learn more about Knowledge Vault’s Azure AD Connector and for your Free 14-day trial, please click here.