Monitoring Microsoft Azure Entra ID

eG Enterprise provides a specialized Microsoft Azure Entra ID model for monitoring Microsoft Azure Entra ID.

Figure 1: Layer model of a Microsoft Azure Entra ID component

Each layer in Figure 1 is mapped to tests that report on the health, availability, and performance of Microsoft Azure Entra ID. Using these metrics, administrators can find quick and accurate answers for the following performance queries:

Monitoring Category

What is Revealed?

Cloud availability

  • Is the Microsoft Azure cloud accessible over the network?

  • If so, how quickly is it responding to requests?

Microsoft Azure Entra ID accessibility

Is Microsoft Azure Entra ID accessible over the network?

Identity management

  • Are there any applications registered with Microsoft Azure Entra ID that are not protected by certificates or secrets? If so, which ones are they?

  • Are any of the registered applications secured by certificates or secrets that have either expired or are nearing expiry? If so, which are these applications, and what are those certificates/secrets?

  • Were any critical changes made to the Azure cloud organization using Microsoft Azure Entra ID? If so, what are those changes and who made them? Were these changes legitimate?

  • Were any activity failures logged in the audit logs? If so, then what type of changes were attempted on Microsoft Azure Entra ID when these failures occurred? Who attempted these changes and why did they fail?

  • Are any stale devices registered with Microsoft Azure Entra ID? If so, which ones are stale?

  • Is Microsoft Azure Entra ID managing any empty, inactive, or orphaned groups? Which groups are these?

  • Is any unlicensed / disabled / inactive user still registered with Microsoft Azure Entra ID? If so, who is it?

  • Which users are configured with a password that never expires or a weak password?

Sign-ins

  • Did any sign-in attempts to Microsoft Azure Entra ID fail? If so, what type of sign-ins were they: interactive sign-ins, non-interactive sign-ins, service principal sign-ins, or managed entity sign-ins?
  • Did sign-in attempts from any specific IP address fail frequently?
  • Did sign-in attempts from specific locations or for specific applications / services fail often?
  • Did the Provisioning logs capture any provisioning failure recently? If so, when did that failure occur, and what is the reason for it?
  • Are too many provisioning operations failing when they attempt a specific action, e.g., Create, Update, or Delete?

  • Are provisioning operations failing too frequently at a specific step?

Click on the links below to learn about each layer of Figure 1 and the tests mapped to it.

The Azure Connectivity Layer

The Azure Identity Layer

The Azure Entra ID Sign-ins Layer