{"id":20376,"date":"2022-02-02T08:39:51","date_gmt":"2022-02-02T13:39:51","guid":{"rendered":"https:\/\/www.eginnovations.com\/blog\/?p=20376"},"modified":"2024-04-08T03:22:02","modified_gmt":"2024-04-08T07:22:02","slug":"track-users-azure-active-directory","status":"publish","type":"post","link":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/","title":{"rendered":"Monitoring and Managing Azure Active Directory Users"},"content":{"rendered":"<div class=\"inner_content\">\n<p><em>This blog post is part 2 of our Monitoring Microsoft Azure Active Directory series. See <a href=\"https:\/\/www.eginnovations.com\/blog\/how-to-monitor-azure-active-directory\/\">How to monitor Azure Active Directory<\/a> for more articles on monitoring Azure AD.<\/em><\/p>\n<p>Managing Identity is a big challenge in a cloud environment, especially when users can potentially log in from anywhere. Additionally, users can often use different types of devices to log in and access cloud-hosted resources. Without a central Authentication and Authorization source, it is very difficult to manage who can login to what and who can do what with a cloud resource. On top of that, there can be thousands of identical identities from different organizations trying to consume the cloud resources. Microsoft solves all the above challenges with the help of Azure Active Directory (Azure AD).<\/p>\n<p>We can get a decent basic understanding of Azure Active Directory from the Microsoft <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/fundamentals\/active-directory-whatis\" target=\"blank\" rel=\"noopener noreferrer\">documentation,<\/a> and I\u2019ve written a quick overview <a href=\" https:\/\/www.eginnovations.com\/blog\/what-is-azure-active-directory\/\" rel=\"noopener noreferrer\">Azure Active Directory (Azure AD) &#8211; 101,<\/a> which includes the relationship between Active Directory and Azure AD Connector.<\/p>\n<p>Azure AD as the name suggests is a directory of all your usernames, credentials, and access rights to resources. It is designed to operate in a cloud infrastructure using REST APIs to pass data from one application and system to the other. Azure AD is based upon the building blocks of users and groups.<\/p>\n<h2>Importance of Monitoring Users Created in Azure Active Directory<\/h2>\n<p>In this blog post, I\u2019ll focus on monitoring users within <a href=\"https:\/\/www.eginnovations.com\/blog\/what-is-azure-active-directory\/\/\">Azure AD<\/a>, including a list of key checks and questions you should consider when evaluating your auditing, security, and visibility needs for managing users.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-monitoring-logs-view.jpg\" data-rel=\"lightbox-image-0\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20409\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/azure-monitoring-logs.jpg?newimage\" alt=\"Azure monitoring logs\" width=\"750\" height=\"381\" border=\"0\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 1: Monitor every layer of Azure AD, including users, devices, audit logs, groups, directory roles, APP Registrations<\/div>\n<p style=\"margin-bottom: 15px;\">The user account in Azure AD is like a user account in Active Directory. An Azure AD can have user accounts from :<\/p>\n<ul>\n<li>Cloud identities<\/li>\n<li>Synced identities<\/li>\n<\/ul>\n<p>Cloud identities are accounts that exist only in Azure AD whereas synced identities are those that exist in an on-premises Active Directory and are being synchronized to Azure AD using a directory sync tool called \u201cAzure AD Connect\u201d.<\/p>\n<p>Microsoft has <a href=\"https:\/\/redmondmag.com\/articles\/2021\/09\/16\/azure-virtual-desktop--supports-end-users-via-azure-ad.aspx\" target=\"blank\" rel=\"noopener noreferrer\">recently enabled<\/a> organizations using the Azure Virtual Desktop (AVD) virtual desktop infrastructure (VDI) service to support the so-called &#8220;cloud-only users.&#8221;<\/p>\n<p>Azure AD is now the core mechanism through which enterprises can manage different applications, devices, and users across several tenants. Organizations use Azure AD for controlling identity and access management, allowing sign-in to multiple Microsoft applications and hundreds of SaaS applications seamlessly, protecting users from malicious threat actors and importantly allowing collaboration between external guests and Azure AD users.<\/p>\n<p style=\"margin-bottom: 15px;\">There are several methods to add users to your Azure AD:<\/p>\n<ul>\n<li>Most organizations that already use On-Premises Active Directory can use Azure AD Connect to sync their users and groups to Azure AD.<\/li>\n<li>You can manually create the users in Azure AD management portal.<\/li>\n<li>Users can be added by running AAD cmdlets.<\/li>\n<li>Users can be added via the <a href=\"https:\/\/docs.microsoft.com\/en-us\/graph\/use-the-api\" target=\"blank\" rel=\"noopener noreferrer\">Azure AD Graph API.<\/a><\/li>\n<\/ul>\n<p>With Microsoft <a href=\"https:\/\/www.theregister.com\/2021\/09\/16\/azure_virtual_desktop_ad\/\" target=\"blank\" rel=\"noopener noreferrer\">recently announcing general availability for Azure Virtual Desktop (AVD) with the VMs joined to Azure AD rather than Active Directory,<\/a> there will be a trend for some users to move to Azure AD where possible.<\/p>\n<p style=\"margin-bottom: 15px;\">So, user accounts in Azure AD can grow quickly based on the business\/organizational requirements. As Azure AD resides on the cloud, tenants are vulnerable to ransomware attacks, password spraying, brute force attacks, etc. Examples of recent Azure AD attacks and known security concerns, include:<\/p>\n<ul>\n<li><a href=\"https:\/\/hackernoon.com\/azure-brute-farce-17e27dc05f85\" target=\"blank\" rel=\"noopener noreferrer\">How Azure AD Could Be Vulnerable to Brute-Force and DOS Attacks<\/a><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/information-technology\/2021\/09\/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix\/\" target=\"blank\" rel=\"noopener noreferrer\">New Azure Active Directory password brute-forcing flaw has no fix<\/a><\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/azure-virtual-desktop-monitoring-avd\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-19872\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-banner.jpg\" alt=\"\" width=\"850\" height=\"170\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-banner.jpg 850w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-banner-300x60.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-banner-768x154.jpg 768w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-banner-800x160.jpg 800w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-banner-310x62.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-banner-140x28.jpg 140w\" sizes=\"auto, (max-width: 850px) 100vw, 850px\" \/><\/a><\/p>\n<h2>Key questions that administrators of Azure Active Directory need answers to:<\/h2>\n<p style=\"margin-bottom: 15px;\">Ideally, an Azure administrator will need to find out (and better still, proactively monitor) the following from the Azure AD:<\/p>\n<ul>\n<li>How many users have been created in Azure AD?<\/li>\n<li>How many users are synced from On-Premises Active Directory and where were they synced and when did the last synchronization happen?<\/li>\n<li>How many users have weak passwords?<\/li>\n<li>How many users have a password with \u201cis set not to expire\u201d status?<\/li>\n<li>Are there any unlicensed users in the Azure tenant?<\/li>\n<li>Are there any disabled accounts in the Azure tenant?<\/li>\n<li>Are there any user accounts that are not part of any of the Azure AD Groups?<\/li>\n<li>Are there any stale user accounts in the Azure tenant?<\/li>\n<li>Have there been any malicious sign-in attempts?<\/li>\n<li>Have any risky sign-ins happened recently?<\/li>\n<li>Are any App registrations going to expire either in client secrets or SSL certificates?<\/li>\n<li>What are the roles and permissions of App registrations?<\/li>\n<li>Have any brute force attacks happened recently for the tenant?<\/li>\n<\/ul>\n<h2>What is available for tracking users in Azure Active Directory today?<\/h2>\n<p>Microsoft Azure Active Directory provides a flat overview screen (see Figure 2 below). This is a grid-like view that rapidly becomes unwieldy as the number of users increases beyond a handful.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-console-view.jpg\" data-rel=\"lightbox-image-1\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20411\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-console.jpg\" alt=\"Azure AD console\" width=\"750\" height=\"294\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-console.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-console-300x118.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-console-310x122.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-ad-console-140x55.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 2: Azure AD console showing users and their details<\/div>\n<p>To identity misuse and breaches, Azure AD administrators have to use the native Azure Monitor, augment it with custom Kusto Queries (KQL), and then rely on Log Analytics Workspaces and workbooks available via GitHub repository for detection and analysis.<\/p>\n<p>Azure expert Marius Sandbu\u2019s recent tutorial <a href=\"https:\/\/msandbu.org\/auditing-and-security-monitoring-of-azure-active-directory\/\" target=\"blank\" rel=\"noopener noreferrer\">\u201cAuditing and Security Monitoring of Azure Active Directory\u201d<\/a> includes details on getting started with Kusto.<\/p>\n<p>The whole process of analyzing Azure metrics and writing custom KQL queries is time-consuming and needs expertise in terms of what you are looking for and where.<\/p>\n<div class=\"link_list_style\" style=\"padding: 1px 25px 20px;\">\n<h3 style=\"margin-bottom: 20px;\">What is a Kusto Query?<\/h3>\n<p style=\"margin-bottom: 15px;\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/data-explorer\/kusto\/query\/\">Azure Data Explorer aka Kusto<\/a> is a log analytics cloud platform optimized for ad-hoc big data queries.<\/p>\n<p>A Kusto query is a read-only request to process data and return results. The request is stated in plain text, using a data-flow model designed to make the syntax easy to read, author, and automate. The query uses schema entities that are organized in a hierarchy similar to SQL&#8217;s: databases, tables, and columns.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/kusto-query-view.jpg\" data-rel=\"lightbox-image-2\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20413\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/kusto-query.jpg\" alt=\"What is a Kusto Query?\" width=\"750\" height=\"270\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/kusto-query.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/kusto-query-300x108.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/kusto-query-310x112.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/kusto-query-140x50.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<\/div>\n<h2>Monitoring Azure Active Directory Users with eG Enterprise<\/h2>\n<p><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/azure-active-directory-monitoring-tools\">eG Enterprise\u2019s Azure Active Directory monitoring<\/a> answers all the common questions about Azure AD users out of the box without having to write any KQL queries. Dashboards can be accessed out of the box or created with just a few clicks without having to rely on public domain workbooks.<\/p>\n<p>Besides continually monitoring logs, metrics, and error messages, eG Enterprise also automatically performs deeper diagnostic tests, if issues exist. For example, if inactive users are detected or failed logins occur, details on those users or reasons for failure are collected and analyzed.<\/p>\n<p>Coupled with automated static and dynamic thresholds, anomalies, and unusual events automatically trigger notifications that pinpoint the underlying root cause of the problem.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20415\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-screen.jpg\" alt=\"Azure administration screen\" width=\"750\" height=\"388\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-screen.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-screen-300x155.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-screen-310x160.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-screen-140x72.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20416\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-password-details.jpg\" alt=\"Azure administration password details screen\" width=\"750\" height=\"234\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-password-details.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-password-details-300x94.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-password-details-310x97.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-password-details-140x44.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<p style=\"margin-bottom: 15px;\">The detailed diagnosis provided enables an Azure AD administrator to instantly access additional details, for example:<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Details of stale users (Users, who are not signed-in in the last 90 days)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-stale-users-view.jpg\" data-rel=\"lightbox-image-3\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20417\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-stale-users.jpg\" alt=\"Azure administration stale users screen\" width=\"750\" height=\"223\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-stale-users.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-stale-users-300x89.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-stale-users-310x92.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-stale-users-140x42.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Details of users, who are not signed-in after they are created in Azure AD<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-users-not-signed-in-view.jpg\" data-rel=\"lightbox-image-4\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20419\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-users-not-signed-in.jpg\" alt=\"Users not signed in\" width=\"750\" height=\"227\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-users-not-signed-in.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-users-not-signed-in-300x91.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-users-not-signed-in-310x94.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-users-not-signed-in-140x42.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Details of users whose passwords do not expire (subject to attacks, if exposed)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-administrator-user-principal-screen-view.jpg\" data-rel=\"lightbox-image-5\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20421\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-administrator-user-principal-screen.jpg\" alt=\"Azure administration user principal screen\" width=\"750\" height=\"400\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-administrator-user-principal-screen.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-administrator-user-principal-screen-300x160.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-administrator-user-principal-screen-310x165.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-administrator-user-principal-screen-140x75.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/product\/application-performance-monitoring\/free-trial\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20830\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/Azure-AD-trial-banner.jpg\" alt=\"\" width=\"850\" height=\"180\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/Azure-AD-trial-banner.jpg 850w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/Azure-AD-trial-banner-300x64.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/Azure-AD-trial-banner-768x163.jpg 768w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/Azure-AD-trial-banner-800x169.jpg 800w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/Azure-AD-trial-banner-310x66.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/01\/Azure-AD-trial-banner-140x30.jpg 140w\" sizes=\"auto, (max-width: 850px) 100vw, 850px\" \/><\/a><\/p>\n<p style=\"margin-bottom: 15px;\">Beyond the real-time monitoring component, the core eG Enterprise product allows data which is collected to be accessed via:<\/p>\n<ul>\n<li>Fully customizable dashboards, popular for frontline helpdesk usage that can be published on role-based identities and in kiosk (\u201cTV Mode\u201d) to large screens \u2013 see <a href=\"https:\/\/www.eginnovations.com\/documentation\/Monitoring-Using-eG-Enterprise-Suite\/How-to-Add-a-Custom-Dashboard.htm\" rel=\"noopener noreferrer\">How to Add a Custom Dashboard (eginnovations.com)<\/a><\/li>\n<li>Fully featured administrator apps for Android and iOS &#8211; see <a href=\"https:\/\/www.eginnovations.com\/blog\/it-remote-monitoring-software\/\" rel=\"noopener noreferrer\">IT Remote Monitoring Software <\/a><\/li>\n<li>Full API integrations with SMS\/Email alerting and service\/helpdesk tools, such ServiceNOW, Jira, Slack, Autotask, and more. Ensure incidents with Azure AD are fully managed by process, see <a href=\"https:\/\/www.eginnovations.com\/blog\/service-help-desk-automation\/\" rel=\"noopener noreferrer\">Service and Help Desk Automation Strategies | eG Innovations.<\/a><\/li>\n<li>Historical reporting and insights analysis for management visibility and forecasting\/capacity planning \u2013 see <a href=\"https:\/\/www.eginnovations.com\/documentation\/The-eG-Reporter\/The-eG-Reporter.htm\" rel=\"noopener noreferrer\">The eG Reporter (eginnovations.com)<\/a><\/li>\n<li>AIOps capabilities using Machine Learning technologies learn what is normal user behavior for organizations and provide alerting of anomalous behavior that may be indicative of malicious access attempts, <a href=\"https:\/\/www.eginnovations.com\/blog\/aiops-tools-capabilities\/\" rel=\"noopener noreferrer\">learn more.<\/a><\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-management-view.jpg\" data-rel=\"lightbox-image-6\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-20423\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-management.jpg\" alt=\"Azure administration management screen\" width=\"750\" height=\"306\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-management.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-management-300x122.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-management-310x126.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/azure-admin-management-140x57.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<p>In my next blog post, I intend to cover how eG Enterprise can help in finding malicious sign-in attempts and brute force attacks via our comprehensive monitoring for Azure Audit logs and Sign-In logs.<\/p>\n<p style=\"margin-bottom: 15px;\">Many of our customers use eG Enterprise to monitor other components and their Azure infrastructure and beyond to other clouds and on-premises infrastructure and applications, please see links for information on monitoring:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/azure-monitoring\" rel=\"noopener noreferrer\">Azure Monitoring<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/azure-virtual-desktop-monitoring-avd\" rel=\"noopener noreferrer\">Azure AVD (Azure Virtual Desktops) Monitoring<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/microsoft-monitoring\" rel=\"noopener noreferrer\">Microsoft Monitoring: One-Stop Shop for Everything Microsoft<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/product\/technologies\" rel=\"noopener noreferrer\">Other technologies supported by eG Enterprise<\/a><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>This blog post is part 2 of our Monitoring Microsoft Azure Active Directory series. See How to monitor Azure Active Directory for more articles on monitoring Azure AD. Managing Identity is a big challenge in a cloud environment, especially when users can potentially log in from anywhere. Additionally, users can often use different types of [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":20668,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_lmt_disableupdate":"no","_lmt_disable":"","footnotes":""},"categories":[404],"tags":[560,637,558,572,559,827,828],"class_list":["post-20376","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure-monitoring","tag-azure-active-directory","tag-azure-active-directory-monitoring","tag-azure-ad","tag-azure-ad-monitoring","tag-azure-ad-users","tag-monitoring-azure-active-directory","tag-monitoring-azure-ad"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Monitoring Azure Active Directory Users | eG Innovations<\/title>\n<meta name=\"description\" content=\"Enable right key checks for monitoring AAD to manage users while evaluating your auditing, security, and visibility needs. Learn more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Monitor Azure Active Directory \u2013 AD \u2013 part 2 | eG Innovations\" \/>\n<meta property=\"og:description\" content=\"Managing identity is a major challenge, especially in a cloud environment. Learn more about the importance of monitoring active users in the Azure Active Directory.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/\" \/>\n<meta property=\"og:site_name\" content=\"eG Innovations\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/eGInnovations\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-02T13:39:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-08T07:22:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/AzurePart2-fb.jpg\" \/>\n<meta name=\"author\" content=\"Babu Sundaram\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Monitor Azure Active Directory \u2013 AD \u2013 part 2 | eG Innovations\" \/>\n<meta name=\"twitter:description\" content=\"Managing identity is a major challenge, especially in a cloud environment. Learn more about the importance of monitoring active users in the Azure Active Directory.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/AzurePart2-fb.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/virtualinfra76?lang=en\" \/>\n<meta name=\"twitter:site\" content=\"@eginnovations\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Babu Sundaram\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Monitoring Azure Active Directory Users | eG Innovations","description":"Enable right key checks for monitoring AAD to manage users while evaluating your auditing, security, and visibility needs. Learn more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/","og_locale":"en_US","og_type":"article","og_title":"Monitor Azure Active Directory \u2013 AD \u2013 part 2 | eG Innovations","og_description":"Managing identity is a major challenge, especially in a cloud environment. Learn more about the importance of monitoring active users in the Azure Active Directory.","og_url":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/","og_site_name":"eG Innovations","article_publisher":"https:\/\/www.facebook.com\/eGInnovations","article_published_time":"2022-02-02T13:39:51+00:00","article_modified_time":"2024-04-08T07:22:02+00:00","og_image":[{"url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/AzurePart2-fb.jpg","type":"","width":"","height":""}],"author":"Babu Sundaram","twitter_card":"summary_large_image","twitter_title":"Monitor Azure Active Directory \u2013 AD \u2013 part 2 | eG Innovations","twitter_description":"Managing identity is a major challenge, especially in a cloud environment. Learn more about the importance of monitoring active users in the Azure Active Directory.","twitter_image":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/AzurePart2-fb.jpg","twitter_creator":"@https:\/\/twitter.com\/virtualinfra76?lang=en","twitter_site":"@eginnovations","twitter_misc":{"Written by":"Babu Sundaram","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/#article","isPartOf":{"@id":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/"},"author":{"name":"Babu Sundaram","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/5f7590f77be55ecf13f1b8d915ac39df"},"headline":"Monitoring and Managing Azure Active Directory Users","datePublished":"2022-02-02T13:39:51+00:00","dateModified":"2024-04-08T07:22:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/"},"wordCount":1394,"commentCount":0,"publisher":{"@id":"https:\/\/www.eginnovations.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/AzurePart2-thumbnail.jpg","keywords":["Azure Active Directory","Azure Active Directory Monitoring","Azure AD","Azure AD Monitoring","Azure AD users","Monitoring Azure Active Directory","Monitoring Azure AD"],"articleSection":["Azure Monitoring"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/","url":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/","name":"Monitoring Azure Active Directory Users | eG Innovations","isPartOf":{"@id":"https:\/\/www.eginnovations.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/#primaryimage"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/AzurePart2-thumbnail.jpg","datePublished":"2022-02-02T13:39:51+00:00","dateModified":"2024-04-08T07:22:02+00:00","description":"Enable right key checks for monitoring AAD to manage users while evaluating your auditing, security, and visibility needs. Learn more.","breadcrumb":{"@id":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/#primaryimage","url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/AzurePart2-thumbnail.jpg","contentUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2021\/12\/AzurePart2-thumbnail.jpg","width":362,"height":235},{"@type":"BreadcrumbList","@id":"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.eginnovations.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Monitoring and Managing Azure Active Directory Users"}]},{"@type":"WebSite","@id":"https:\/\/www.eginnovations.com\/blog\/#website","url":"https:\/\/www.eginnovations.com\/blog\/","name":"eG Innovations","description":"IT Performance Monitoring Insights","publisher":{"@id":"https:\/\/www.eginnovations.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.eginnovations.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.eginnovations.com\/blog\/#organization","name":"eG Innovations","alternateName":"eg innovations","url":"https:\/\/www.eginnovations.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2014\/07\/eg-logo-dark-gray1_new.jpg","contentUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2014\/07\/eg-logo-dark-gray1_new.jpg","width":362,"height":235,"caption":"eG Innovations"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/eGInnovations","https:\/\/x.com\/eginnovations"]},{"@type":"Person","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/5f7590f77be55ecf13f1b8d915ac39df","name":"Babu Sundaram","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d28fef01834f3b388d7d825216013937?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d28fef01834f3b388d7d825216013937?s=96&d=mm&r=g","caption":"Babu Sundaram"},"sameAs":["https:\/\/x.com\/https:\/\/twitter.com\/virtualinfra76?lang=en"],"url":"https:\/\/www.eginnovations.com\/blog\/author\/babusundaram\/"}]}},"modified_by":"eG Innovations","_links":{"self":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts\/20376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/comments?post=20376"}],"version-history":[{"count":0,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts\/20376\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/media\/20668"}],"wp:attachment":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/media?parent=20376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/categories?post=20376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/tags?post=20376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}