{"id":22349,"date":"2022-04-25T11:20:53","date_gmt":"2022-04-25T15:20:53","guid":{"rendered":"https:\/\/www.eginnovations.com\/blog\/?p=22349"},"modified":"2024-01-01T12:55:11","modified_gmt":"2024-01-01T17:55:11","slug":"active-directory-sign-in-logs","status":"publish","type":"post","link":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/","title":{"rendered":"Azure AD Sign-in Log Monitoring"},"content":{"rendered":"<div class=\"inner_content\">\n<h2>How to Monitor Azure AD Sign-ins logs and Detect Attacks Proactively<\/h2>\n<p>As the Azure cloud administrator, you need to know who is accessing your cloud resources, how they are access it, what they access, what changed, when they access and from where, etc?<\/p>\n<p style=\"margin-bottom: 15px;\"><a href=\"https:\/\/www.eginnovations.com\/blog\/what-is-azure-active-directory\/\/\" target=\"blank\" rel=\"noopener noreferrer\">Azure AD<\/a> (Azure Active Directory) provides answers to above by storing the information in two logs, the information stored in them is extremely valuable for troubleshooting, monitoring and for general security related work, the logs are:<\/p>\n<ul>\n<li>Azure AD Audit log<\/li>\n<li>Azure AD Sign-ins log<\/li>\n<\/ul>\n<p>The <strong>Azure Audit log<\/strong> provides you with access to the history of every task performed in your tenant. For example, Information about changes applied to your tenant such as users and group management, updates applied to your tenant\u2019s resources, etc. In my last article, I covered comprehensive monitoring and auditing of the Audit log to ensure you know what has changed regarding who can access your systems and with what privileges, see: <a href=\"https:\/\/www.eginnovations.com\/blog\/monitor-azure-ad-audit-logs\/\" target=\"blank\" rel=\"noopener noreferrer\">https:\/\/www.eginnovations.com\/blog\/monitor-azure-ad-audit-logs\/<\/a><\/p>\n<p><strong>Azure Sign-ins log<\/strong> helps you to determine who has performed the tasks reported by the Azure Audit log. In this article I will cover how to proactively monitor and historically audit and report on Azure AD Sign-in logs.<\/p>\n<p>The Azure AD sign-ins log is an indispensable tool for troubleshooting and investigating security-related incidents in your tenant. Moreover, proactively, and constantly monitoring the Sign-ins can prevent breaches, alert administrators to malicious attacks and anomalous usage patterns and enable them to reduce their vulnerability by ensuring systems are configured to allow access only to those users and services that need access using up-to-date best practice authentication mechanisms and so on.<\/p>\n<p style=\"margin-bottom: 15px;\">With Sign-ins log, you can answer to some of these questions below:<\/p>\n<ul>\n<li>What is the sign-in pattern of a particular user, application or service?<\/li>\n<li>How many users, apps or services have signed in over a week?<\/li>\n<li>What is the status of these sign-ins?<\/li>\n<li>What is the status of conditional access defined?<\/li>\n<li>Is any legacy authentication mechanism being used for signing in?<\/li>\n<li>Has any brute-force signing attempt happened?<\/li>\n<li>Has a password spraying attempt has happened?<\/li>\n<li>Are Any malicious sign-ins happening?<\/li>\n<li>Have there been sign-in attempts with disabled accounts?<\/li>\n<li>Has any account been breached recently?<\/li>\n<\/ul>\n<p style=\"margin-bottom: 15px;\">Azure AD provides 4 types of Sign-ins logs now<\/p>\n<ul>\n<li>Classic Sign-in (Interactive Sign-ins)<\/li>\n<li>Non-Interactive Sign-ins<\/li>\n<li>Service Principal Sign-ins<\/li>\n<li>Managed Identity Sign-ins<\/li>\n<\/ul>\n<table class=\"table_design numbers\" style=\"width: 100%;\">\n<tbody>\n<tr class=\"head_table\">\n<td style=\"width: 23%;\"><strong>Log Name<\/strong><\/td>\n<td><strong>Sign-ins Detail<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Interactive Sign-ins logs<\/strong><\/td>\n<td>provides the sign-in details about the user who uses authentication factor such as a password, MFA (multifactor authentication) token or QR code, etc.<\/td>\n<\/tr>\n<tr>\n<td><strong>Non-Interactive Sign-ins logs<\/strong><\/td>\n<td>provides the sign-in details of the client application that perform sign-in activity on behalf of the user without any interaction from the user in the form of password or MFA token.<\/td>\n<\/tr>\n<tr>\n<td><strong>Service Principal Sign-in logs<\/strong><\/td>\n<td>provides the sign-in details of application and services that perfmon sign-in activity on its own behalf to authenticate or access resources.<\/td>\n<\/tr>\n<tr>\n<td><strong>Managed Identity Sign-in logs<\/strong><\/td>\n<td>provides the sign-in details of Azure resources that have <a href=\"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/\" target=\"blank\" rel=\"noopener noreferrer\">secrets<\/a> managed by Azure in Key Vault service. Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Required Permissions<\/h3>\n<p style=\"margin-bottom: 15px;\">You need to be a Global Administrator or the user with one of the following Azure roles to access the above sign-in data and Azure AD workbook reports:<\/p>\n<ul>\n<li>Security administrator<\/li>\n<li>Security reader<\/li>\n<li>Global reader<\/li>\n<li>Reports reader<\/li>\n<\/ul>\n<h3>License Required to Access Sign-ins Report<\/h3>\n<p>Azure AD Premium P1 or P2 license is required to fetch the above information using the Graph API (Application Programming Interface) programmatically. Azure AD stores the sign-ins data for <strong>30 days for premium P1 or P2 license<\/strong> whereas it stores for <strong>7 days alone for Azure Free license.<\/strong> If you want to store this data for longer period for compliance reasons, you can route it to Azure Storage account.<\/p>\n<p>A screenshot of default report workbook available on Azure AD tenant is shown below<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-ad-monitoring-tenant-screen-viewimage.jpg\" data-rel=\"lightbox-image-0\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22726\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-ad-monitoring-tenant-screen.jpg?new\" alt=\"Azure AD Monitoring Tenant Screen\" width=\"750\" height=\"191\" border=\"0\" \/><\/a><\/p>\n<p style=\"margin-bottom: 15px;\">The workbook allows manual examination by an administrator but in practice many Azure AD admins use <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/data-explorer\/kusto\/query\/\" target=\"blank\" rel=\"noopener noreferrer\">KQL (Kusto Query Language) queries<\/a> or import workbooks from the community Git repositories for generating reports that are not available by default. Additionally, you can use <a href=\"https:\/\/azure.microsoft.com\/en-gb\/services\/microsoft-sentinel\/\" target=\"blank\" rel=\"noopener noreferrer\">Microsoft Sentinel<\/a> for Azure AD sign-ins reports as an additional paid for service, Microsoft Sentinel is charged based on<\/p>\n<ul>\n<li>Ingestion of Sign-in data per GB.<\/li>\n<li>Retention of data \u2013 Free for first 90 days and charged per GB per month.<\/li>\n<\/ul>\n<p>The Sign-ins log is a treasure trove for threat hunting actively and a gold mine for security operation centre. <strong>Marius Sandbu<\/strong> explained the Azure AD threat hunting in his blogs, <a href=\"https:\/\/msandbu.org\/threat-hunting-in-microsoft-azure\/\" target=\"blank\" rel=\"noopener noreferrer\">&#8220;Threat Hunting in Microsoft Azure&#8221;<\/a> and <a href=\"https:\/\/msandbu.org\/auditing-and-security-monitoring-of-azure-active-directory\/\" target=\"blank\" rel=\"noopener noreferrer\">\u201cAuditing and Security Monitoring of Azure Active Directory&#8221;.<\/a> Similarly, Microsoft\u2019s <strong>Christiaan Brinkhoff<\/strong> has written about increasing the security level of AVD environment with Azure conditional access: <a href=\"https:\/\/christiaanbrinkhoff.com\/2020\/03\/23\/learn-how-to-increase-the-security-level-of-your-windows-virtual-desktop-environment-e-g-windows-client-with-azure-mfa-and-conditional-access\/\" target=\"blank\" rel=\"noopener noreferrer\">&#8220;Learn how to increase the security level of your Azure Virtual Desktop environment (e.g. Windows Client) with Azure MFA and Conditional Access&#8221;. <\/a><\/p>\n<p>Beyond security though proactive alerting of sign in failures and problems enables IT administrators to rapidly identify users having problems accessing resources or applications, service availability issues allowing rapid remediation to minimise those impacted. Help desk operators can rapidly provide support to individual users reporting problems logging in identifying common user errors or issues such as mis-typing passwords or failing to use MFA.<\/p>\n<h2>How eG Enterprise Monitors Azure AD Sign-ins Logs?<\/h2>\n<p>eG Enterprise Azure AD monitoring monitors all types of Sign-ins log, records and stores them. So, you can store this data for a longer period for compliance reasons. eG also allows you to slice and dice this data without writing any KQL queries or importing the workbooks from community repositories using custom reports and dashboards.<\/p>\n<p style=\"margin-bottom: 15px;\">eG Azure AD Sign-ins monitoring helps you to find answers to questions such as:<\/p>\n<ul>\n<li>How many sign-ins happened recently?<\/li>\n<li>How many of them succeeded and how many failed?<\/li>\n<li>Have any risky sign-ins happened recently?<\/li>\n<li>How many people are using single-factor and multi-factor authentication?<\/li>\n<li>Is any legacy authentication being used for sign-ins?<\/li>\n<li>Does the failed sign-ins happen due to conditional access failure?<\/li>\n<li>Have any brute-force and password spraying sign-ins attacks occurred recently?<\/li>\n<li>Have there been any malicious sign-ins attempt recently?<\/li>\n<li>How many users are registered for MFA and what method(s) are used they registered for?<\/li>\n<\/ul>\n<p>Out-of-the-box eG proactively scans and monitors the logs, alerting thresholds are set on key metrics and raise alerts on events that may be of concern. Additional alerts can be set via the simple GUI. Beyond this information about the Sign-in logs can be accessed via dashboards and comprehensive reports that can be scheduled to ensure regular traceable auditing. As an AIOPs (Artificial Intelligence for Operations) platform eG Enterprise applies machine learning to your data to learn and baseline normal usage patterns, more details of these capabilities <a href=\"https:\/\/www.eginnovations.com\/blog\/aiops-tools-capabilities\/\" target=\"blank\" rel=\"noopener noreferrer\">are covered here.<\/a><\/p>\n<p>eG Enterprise reports the following metrics for Interactive sign-ins:<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-interactive-sign-ins-view.jpg\" data-rel=\"lightbox-image-1\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22789\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-interactive-sign-ins-1.jpg\" alt=\"Azure Interactive Sign Ins\" width=\"750\" height=\"904\" border=\"0\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 2: The magnifying glass icon indicates that deeper diagnostic data is available for that event\/metric e.g., the details of the failed sign-ins.<\/div>\n<p>eG Enterprise reports the following metrics for Service Principal sign-ins:<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-non-interactive-sign-ins-viewimage.jpg\" data-rel=\"lightbox-image-2\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22791\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-non-interactive-sign-ins.jpg\" alt=\"Azure Non Interactive Sign Ins\" width=\"750\" height=\"365\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-non-interactive-sign-ins.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-non-interactive-sign-ins-300x146.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-non-interactive-sign-ins-310x151.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-non-interactive-sign-ins-140x68.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<p>eG Enterprise reports the following metrics for Non-Interactive sign-ins:<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-adi-signins-view.jpg\" data-rel=\"lightbox-image-3\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22794\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-adi-signins-1.jpg\" alt=\"Azure AD Sign Ins\" width=\"750\" height=\"630\" border=\"0\" \/><\/a><\/p>\n<p>eG Enterprise reports the following metrics for Managed Identity sign-ins:<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-managed-identity-sign-ins-viewimage.jpg\" data-rel=\"lightbox-image-4\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22796\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-managed-identity-sign-ins.jpg\" alt=\"Azure Managed Identity Sign Ins\" width=\"750\" height=\"365\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-managed-identity-sign-ins.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-managed-identity-sign-ins-300x146.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-managed-identity-sign-ins-310x151.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/azure-managed-identity-sign-ins-140x68.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<p>The data collected by eG Enterprise includes deep diagnostics that can be accessed via the layer model GUI but also within dashboards and reports. eG Enterprise allows administrators to create and publish their own custom dashboards and reports as required. If you are unfamiliar with the eG Enterprise User interface, you may like to check out some of <a href=\"https:\/\/www.youtube.com\/watch?v=mzhDMcfWF3I&amp;list=PL8QsLiuaAeDm8XCvM3gw5P6IJ2y3plTuQ\" target=\"blank\" rel=\"noopener noreferrer\">our short overview videos. <\/a><\/p>\n<h3>Example Dashboards and Reports of Sign-in Log data<\/h3>\n<p>Dashboards providing overviews can be an extremely useful way to overview usage patterns and many common malicious attack mechanisms have distinctive patterns.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/azure-ad-monitoring-dahboards-view.jpg\" data-rel=\"lightbox-image-5\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22736\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/azure-ad-monitoring-dahboards.jpg\" alt=\"Azure AD Monitoring Dashboards\" width=\"750\" height=\"174\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/azure-ad-monitoring-dahboards.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/azure-ad-monitoring-dahboards-300x70.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/azure-ad-monitoring-dahboards-310x72.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/azure-ad-monitoring-dahboards-140x32.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 6: Overall sign-in data overview<\/div>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/interactive-sign-ins-details-view.jpg\" data-rel=\"lightbox-image-6\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22738\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/interactive-sign-ins-details.jpg\" alt=\"Interactive Sign Ins Using Single Factor Authentication\" width=\"750\" height=\"174\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/interactive-sign-ins-details.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/interactive-sign-ins-details-300x70.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/interactive-sign-ins-details-310x72.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/interactive-sign-ins-details-140x32.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 7: Investigating the details of Interactive Sign-ins using Single factor authentication<\/div>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/failed-sign-ins-view.jpg\" data-rel=\"lightbox-image-7\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22740\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/failed-sign-ins.jpg\" alt=\"Failed Sign Ins Screen\" width=\"750\" height=\"264\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/failed-sign-ins.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/failed-sign-ins-300x106.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/failed-sign-ins-310x109.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/failed-sign-ins-140x49.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 8: Instant access to the details of Failed Sign-ins<\/div>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-principal-sign-ins-view.jpg\" data-rel=\"lightbox-image-8\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22742\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-principal-sign-ins.jpg\" alt=\"Service Principal Sign Ins\" width=\"750\" height=\"242\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-principal-sign-ins.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-principal-sign-ins-300x97.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-principal-sign-ins-310x100.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-principal-sign-ins-140x45.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 9: Monitoring Service Principal Sign-ins to ensure those services are up<\/div>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/users-issues-view.jpg\" data-rel=\"lightbox-image-9\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22743\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/users-issues.jpg\" alt=\"Users and Applications Screen\" width=\"750\" height=\"242\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/users-issues.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/users-issues-300x97.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/users-issues-310x100.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/users-issues-140x45.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 10: Identify issues with specific applications, groups of users or geographical locations.<\/div>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/brute-force-sprayig-attack-view.jpg\" data-rel=\"lightbox-image-10\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22745\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/brute-force-sprayig-attack.jpg\" alt=\"Brute Force Spraying Attack screen\" width=\"750\" height=\"192\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/brute-force-sprayig-attack.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/brute-force-sprayig-attack-300x77.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/brute-force-sprayig-attack-310x79.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/brute-force-sprayig-attack-140x36.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 11: Brute force and password spraying attacks can be easily identified and the details examined. Here an individual user attempted to log in from numerous geographically distant locations and IP addresses.<\/div>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-failures-view.jpg\" data-rel=\"lightbox-image-11\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22748\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-failures.jpg\" alt=\"Service Failures screen\" width=\"750\" height=\"265\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-failures.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-failures-300x106.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-failures-310x110.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/service-failures-140x49.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 12: Steep and sudden spikes in failures often indicate a service failure and such failures often impact users in specific locations. Daily working patterns e.g., the 9 am morning logon or 1pm back from lunch surge become very clear. Anomalous behavior such as users logging on at 3am from unusual locations should trigger red flags.<\/div>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/legacy-authentication-view.jpg\" data-rel=\"lightbox-image-12\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22749\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/legacy-authentication.jpg\" alt=\"Legacy Authentication screen\" width=\"750\" height=\"125\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/legacy-authentication.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/legacy-authentication-300x50.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/legacy-authentication-310x52.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/legacy-authentication-140x23.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 13: Proactively audit legacy authentication and whether more secure mechanisms may be appropriate.<\/div>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-authentication-view.jpg\" data-rel=\"lightbox-image-13\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22752\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-authentication.jpg\" alt=\"Azure data authentication screen\" width=\"750\" height=\"140\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-authentication.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-authentication-300x56.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-authentication-310x58.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-authentication-140x26.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 14: Data on authentication can be used in modernization and transformation projects to demonstrate progress as applications are migrated to better authentication mechanisms, or used to audit the vulnerability of an organization.<\/div>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-vulnerability-view.jpg\" data-rel=\"lightbox-image-14\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22754\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-vulnerability.jpg\" alt=\"Data Vulnerability screen\" width=\"750\" height=\"141\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-vulnerability.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-vulnerability-300x56.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-vulnerability-310x58.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/data-vulnerability-140x26.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 15: Investigate Conditional Access<\/div>\n<p><a href=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/key-applications-view.jpg\" data-rel=\"lightbox-image-15\" data-rl_title=\"\" data-rl_caption=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22756\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/key-applications.jpg\" alt=\"Key Applications Monitoring screen\" width=\"750\" height=\"177\" border=\"0\" srcset=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/key-applications.jpg 750w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/key-applications-300x71.jpg 300w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/key-applications-310x73.jpg 310w, https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/key-applications-140x33.jpg 140w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<div class=\"img_caption\">Figure 16: Are there issues with specific key applications such as Office 365<\/div>\n<div class=\"link_list_style\" style=\"padding: 25px 20px 5px; margin-bottom: 30px;\">\n<p style=\"margin-bottom: 15px;\">Best practices to follow when configuring Azure permissions include:<\/p>\n<ul>\n<li>Enforce MFA on all user accounts<\/li>\n<li>Do not share accounts<\/li>\n<li>Each user should log in with their own identity so that the activity log can be properly audited<\/li>\n<li>Assign access to security groups not to individual accounts<\/li>\n<li>Do not assign access at the resource level where possible<\/li>\n<li>Assign access based on the least privilege access principle<\/li>\n<li>Avoid creating custom RBAC (Role Based Access Control) roles where possible<\/li>\n<li>Consider using Privileged Identity Management (PIM) for allowing temporary (just-in-time) access to resources<\/li>\n<li>Perform Access Reviews to prevent stale access assignments<\/li>\n<\/ul>\n<\/div>\n<p style=\"margin-bottom: 15px;\">This blog post is the fifth in a series covering monitoring of various aspects of Azure AD, previously I have covered:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.eginnovations.com\/blog\/what-is-azure-active-directory\/\/\" target=\"blank\" rel=\"noopener noreferrer\">An Overview of Azure Active Directory (Azure AD) \u2013 101,<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/blog\/track-users-azure-active-directory\/\" rel=\"noopener noreferrer\">How to monitor and audit Azure AD Users<\/a> and<\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/blog\/azure-ad-app-client-secret-certificate-expirations-alerts\/\" rel=\"noopener noreferrer\">Monitoring and Alerting on Azure AD App Client Secret and Certificate Expirations<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/blog\/monitor-azure-ad-audit-logs\/\" target=\"blank\" rel=\"noopener noreferrer\">Monitoring Azure AD Audit log<\/a><\/li>\n<\/ul>\n<p>Monitoring and analytics reporting of Azure AD helps our customers comply with many compliance and regulatory standards such as the European GDPR, Australian Privacy Act, PCI DSS, HIPAA, GLBA, FISMA, SOX, and more. Ensuring Azure AD is fully monitored helps our customers detect and respond to insider threat, privilege misuse, and other indicators of compromise, and improve their security processes.<\/p>\n<p><a href=\"https:\/\/www.eginnovations.com\/product\/application-performance-monitoring\/free-trial\" target=\"blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-22757\" src=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/04\/Azure-free-trial-banner.jpg?new\" alt=\"\" width=\"850\" height=\"160\" border=\"0\" \/><\/a><\/p>\n<h3>Further Reading<\/h3>\n<p style=\"margin-bottom: 15px;\">Many of our customers also use eG Enterprise to monitor Azure infrastructures, other clouds, and on-premises infrastructure and applications. Please see the links below for relevant information:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/azure-monitoring\" target=\"blank\" rel=\"noopener noreferrer\">Azure Monitoring<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/azure-virtual-desktop-monitoring-avd\" target=\"blank\" rel=\"noopener noreferrer\">Azure AVD (Azure Virtual Desktop) Monitoring<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/microsoft-monitoring\" target=\"blank\" rel=\"noopener noreferrer\">Microsoft Monitoring: One-Stop Shop for Everything Microsoft<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/supported-technologies\/office-365-monitoring\" target=\"blank\" rel=\"noopener noreferrer\">Office 365 Monitoring, Reporting and Performance Management<\/a><\/li>\n<li><a href=\"https:\/\/www.eginnovations.com\/product\/technologies\" target=\"blank\" rel=\"noopener noreferrer\">Other technologies supported by eG Enterprise<\/a><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>How to Monitor Azure AD Sign-ins logs and Detect Attacks Proactively As the Azure cloud administrator, you need to know who is accessing your cloud resources, how they are access it, what they access, what changed, when they access and from where, etc? Azure AD (Azure Active Directory) provides answers to above by storing the [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":22724,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_lmt_disableupdate":"no","_lmt_disable":"","footnotes":""},"categories":[404],"tags":[405,560,558,819,823,572,824,415],"class_list":["post-22349","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure-monitoring","tag-azure","tag-azure-active-directory","tag-azure-ad","tag-azure-ad-avd","tag-azure-ad-log-monitoring","tag-azure-ad-monitoring","tag-azure-ad-signin-logs","tag-azure-monitoring"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Azure AD Monitoring \u2013 Sign In Logs &amp; Attack Detection<\/title>\n<meta name=\"description\" content=\"Learn why proactive Azure Active Directory monitoring is important &amp; how you can monitor, examine &amp; audit the Azure AD Sign-in log to improve security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure AD Monitoring \u2013 Sign In Logs &amp; Attack Detection | eG Innovations\" \/>\n<meta property=\"og:description\" content=\"Learn how to proactively monitor, examine, and audit the Azure AD Sign-in log to improve security and ensure users can access the applications they need securely.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/\" \/>\n<meta property=\"og:site_name\" content=\"eG Innovations\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/eGInnovations\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-25T15:20:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-01T17:55:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/Azure-Ad-Monitoring-Social-Banner.jpg\" \/>\n<meta name=\"author\" content=\"Babu Sundaram\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Azure AD Monitoring \u2013 Sign In Logs &amp; Attack Detection | eG Innovations\" \/>\n<meta name=\"twitter:description\" content=\"Learn how to proactively monitor, examine, and audit the Azure AD Sign-in log to improve security and ensure users can access the applications they need securely.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/Azure-Ad-Monitoring-Social-Banner.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/virtualinfra76?lang=en\" \/>\n<meta name=\"twitter:site\" content=\"@eginnovations\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Babu Sundaram\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure AD Monitoring \u2013 Sign In Logs & Attack Detection","description":"Learn why proactive Azure Active Directory monitoring is important & how you can monitor, examine & audit the Azure AD Sign-in log to improve security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/","og_locale":"en_US","og_type":"article","og_title":"Azure AD Monitoring \u2013 Sign In Logs & Attack Detection | eG Innovations","og_description":"Learn how to proactively monitor, examine, and audit the Azure AD Sign-in log to improve security and ensure users can access the applications they need securely.","og_url":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/","og_site_name":"eG Innovations","article_publisher":"https:\/\/www.facebook.com\/eGInnovations","article_published_time":"2022-04-25T15:20:53+00:00","article_modified_time":"2024-01-01T17:55:11+00:00","og_image":[{"url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/Azure-Ad-Monitoring-Social-Banner.jpg","type":"","width":"","height":""}],"author":"Babu Sundaram","twitter_card":"summary_large_image","twitter_title":"Azure AD Monitoring \u2013 Sign In Logs & Attack Detection | eG Innovations","twitter_description":"Learn how to proactively monitor, examine, and audit the Azure AD Sign-in log to improve security and ensure users can access the applications they need securely.","twitter_image":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/Azure-Ad-Monitoring-Social-Banner.jpg","twitter_creator":"@https:\/\/twitter.com\/virtualinfra76?lang=en","twitter_site":"@eginnovations","twitter_misc":{"Written by":"Babu Sundaram","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/#article","isPartOf":{"@id":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/"},"author":{"name":"Babu Sundaram","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/5f7590f77be55ecf13f1b8d915ac39df"},"headline":"Azure AD Sign-in Log Monitoring","datePublished":"2022-04-25T15:20:53+00:00","dateModified":"2024-01-01T17:55:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/"},"wordCount":1740,"commentCount":0,"publisher":{"@id":"https:\/\/www.eginnovations.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/Azure-Ad-Monitoring-Thumbnail.jpg","keywords":["Azure","Azure Active Directory","Azure AD","Azure ad avd","Azure AD log monitoring","Azure AD Monitoring","Azure AD signin logs","Azure Monitoring"],"articleSection":["Azure Monitoring"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/","url":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/","name":"Azure AD Monitoring \u2013 Sign In Logs & Attack Detection","isPartOf":{"@id":"https:\/\/www.eginnovations.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/#primaryimage"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/Azure-Ad-Monitoring-Thumbnail.jpg","datePublished":"2022-04-25T15:20:53+00:00","dateModified":"2024-01-01T17:55:11+00:00","description":"Learn why proactive Azure Active Directory monitoring is important & how you can monitor, examine & audit the Azure AD Sign-in log to improve security.","breadcrumb":{"@id":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/#primaryimage","url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/Azure-Ad-Monitoring-Thumbnail.jpg","contentUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2022\/03\/Azure-Ad-Monitoring-Thumbnail.jpg","width":362,"height":235},{"@type":"BreadcrumbList","@id":"https:\/\/www.eginnovations.com\/blog\/active-directory-sign-in-logs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.eginnovations.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Azure AD Sign-in Log Monitoring"}]},{"@type":"WebSite","@id":"https:\/\/www.eginnovations.com\/blog\/#website","url":"https:\/\/www.eginnovations.com\/blog\/","name":"eG Innovations","description":"IT Performance Monitoring Insights","publisher":{"@id":"https:\/\/www.eginnovations.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.eginnovations.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.eginnovations.com\/blog\/#organization","name":"eG Innovations","alternateName":"eg innovations","url":"https:\/\/www.eginnovations.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2014\/07\/eg-logo-dark-gray1_new.jpg","contentUrl":"https:\/\/www.eginnovations.com\/blog\/wp-content\/uploads\/2014\/07\/eg-logo-dark-gray1_new.jpg","width":362,"height":235,"caption":"eG Innovations"},"image":{"@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/eGInnovations","https:\/\/x.com\/eginnovations"]},{"@type":"Person","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/5f7590f77be55ecf13f1b8d915ac39df","name":"Babu Sundaram","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.eginnovations.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d28fef01834f3b388d7d825216013937?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d28fef01834f3b388d7d825216013937?s=96&d=mm&r=g","caption":"Babu Sundaram"},"sameAs":["https:\/\/x.com\/https:\/\/twitter.com\/virtualinfra76?lang=en"],"url":"https:\/\/www.eginnovations.com\/blog\/author\/babusundaram\/"}]}},"modified_by":"Victorious Seo","_links":{"self":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts\/22349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/comments?post=22349"}],"version-history":[{"count":0,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/posts\/22349\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/media\/22724"}],"wp:attachment":[{"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/media?parent=22349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/categories?post=22349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.eginnovations.com\/blog\/wp-json\/wp\/v2\/tags?post=22349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}