Monitoring the Microsoft Azure Active Directory

eG Enterprise provides a specialized Microsoft Azure Active Directory model for monitoring Azure AD.

Figure 1: Layer model of a Microsoft Azure Active Directory component

Each layer in Figure 1 is mapped to tests that report on the health, availability, and performance of Azure AD. Using these metrics, administrators can find quick and accurate answers for the following performance queries:

Monitoring Category

What is Revealed?

Cloud availability

  • Is the Microsoft Azure cloud accessible over the network?

  • If so, how quickly is it responding to requests?

Azure AD accessibility

Is Azure AD accessible over the network?

Identity management

  • Are there any applications registered with Azure AD that are not protected by certificates or secrets? If so, which ones are they?

  • Are any of the registered applications secured by certificates or secrets that have either expired or are nearing expiry? If so, which are these applications, and what are those certificates/secrets?

  • Were any critical changes made to the Azure cloud organization using Azure AD? If so, what are those changes and who made them? Were these changes legitimate?

  • Were any activity failures logged in the audit logs? If so, then what type of changes were attempted on Azure AD when these failures occurred? Who attempted these changes and why did they fail?

  • Are any stale devices registered with Azure AD? If so, which ones are stale?

  • Is Azure AD managing any empty, inactive, or orphaned groups? Which groups are these?

  • Is any unlicensed / disabled / inactive user still registered with Azure AD? If so, who is it?

  • Which users are configured with a password that never expires or a weak password?

Sign-ins

  • Did any sign-in attempts to Azure AD fail? If so, what type of sign-ins were they: interactive sign-ins, non-interactive sign-ins, service principal sign-ins, or managed entity sign-ins?
  • Did sign-in attempts from any specific IP address fail frequently?
  • Did sign-in attempts from specific locations or for specific applications / services fail often?
  • Did the Provisioning logs capture any provisioning failure recently? If so, when did that failure occur, and what is the reason for it?
  • Are too many provisioning operations failing when they are attempting a specific action, e.g., Create, Update, Delete, etc.?

  • Are provisioning operations failing too frequently at a specific step?

Click on the links below to learn about each layer of Figure 1 and the tests mapped to it.

The Azure Connectivity Layer

The Azure Identity Layer

The Azure AD Sign-ins Layer