Skip to content

SCOM & Other Geeky Stuff

A series of blog posts around Microsoft Cloud and Datacenter technologies, specifically Azure Cloud, System Center and other various Microsoft technologies.

  • About Ravi
Follow SCOM & Other Geeky Stuff on WordPress.com

Categories

  • Automation
  • Azure
  • Cloud
  • Cybersecurity
  • DSC
  • Hyper-V
  • IBM
  • Linux
  • Log Analytics
  • OMS
  • OperationsManager
  • Orchestrator
  • PowerShell
  • SCCM
  • SCOM
  • SCVMM
  • SQL Server
  • Storage
  • StorWize
  • System Center
  • Uncategorized
  • Virtualization
  • VMware
  • Windows OS
  • Windows Server

Recent Posts

  • Azure AD Sign-In Logs – Managed Identities + Service Principals
  • Azure Default Service Principals vs Customer Created
  • Azure Virtual WAN – Now supports 3rd Party Network Virtual Appliances (NVA)
  • Azure Virtual WAN (Hub-Spoke v2.0)
  • Azure Service Endpoints versus Azure Private Links

Recent Comments

Ravi Yadav on Forcefully Revoke Azure AD Use…
C.M.Ramos on Forcefully Revoke Azure AD Use…
Azure Virtual WAN… on Azure Virtual WAN (Hub-Spoke…
Ravi Yadav on New Features in SCOM 2016…
Ken Zygmunt on New Features in SCOM 2016…

Archives

  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • August 2019
  • March 2019
  • February 2019
  • September 2018
  • August 2018
  • July 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • September 2015
  • August 2015
  • January 2015
  • November 2014
  • October 2014
  • June 2014

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.com

Azure AD Sign-In Logs – Managed Identities + Service Principals

Written by Ravi Yadav

Over the weekend, I realized Azure Active Directory (Azure AD) can now allow its Sign-In logs for both Service Principals (SP) and Managed (Service) Identities (MSI) to be collected and forwarded to Event Hubs, Log Analytics and/or a Storage Account. I would strongly advise any Azure AD environment to enable this setting as soon as possible as both MSI’s and SP’ pose a giant risk due to the lack of Conditional Access. Not having the ability to enforce Conditional Access on SPs and MSIs is a giant, giant security risk. And, as a minimum, one should enable log-in events to mediate if and when possible.

In my solution below, I have Azure AD to send its Audit and Sign-In logs to an Event Hubs namespace, which in turn is allowing a 3rd Party SIEM to collect the logs.

Sharing is Caring:

  • Twitter
  • LinkedIn
  • Facebook
  • Email

Like this:

Like Loading...

Related

August 24, 2020August 25, 2020 · Posted in Azure, Cybersecurity · Tagged Azure AD, Event Hubs, Log Analytics, Managed Service Identities, Service Principals, Sign-In Logs ·

Leave a Reply Cancel reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. ( Log Out /  Change )

Google photo

You are commenting using your Google account. ( Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. ( Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. ( Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Post navigation

« Azure Default Service Principals vs Customer Created
Create a free website or blog at WordPress.com.
Cancel
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
%d bloggers like this: