SCOM & Other Geeky Stuff

A series of blog posts around Microsoft Cloud and Datacenter technologies, specifically Azure Cloud, System Center and other various Microsoft technologies.

Azure AD Sign-In Logs – Managed Identities + Service Principals

Written by Ravi Yadav

Over the weekend, I realized Azure Active Directory (Azure AD) can now allow its Sign-In logs for both Service Principals (SP) and Managed (Service) Identities (MSI) to be collected and forwarded to Event Hubs, Log Analytics and/or a Storage Account. I would strongly advise any Azure AD environment to enable this setting as soon as possible, as both MSIs and SPs pose a giant risk due to the lack of Conditional Access. Not having the ability to enforce Conditional Access on SPs and MSIs is a giant, giant security risk. And, at a minimum, one should enable log-in events to mediate if and when possible.

In my solution below, I have Azure AD send its Audit and Sign-In logs to an Event Hubs namespace, which in turn allows a third-party SIEM to collect the logs.
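To confirm that the Service Principal and Managed Identity sign-in categories really reach a destination, here is an added example (not from the original post) that audits a diagnostic-settings listing saved as JSON. The category names, the property names and the response shape are assumptions about the Azure AD diagnostic settings resource, and the sample data is constructed.

```python
import json

# Assumed names: log categories and destination properties of the Azure AD
# diagnostic settings resource (microsoft.aadiam/diagnosticSettings).
REQUIRED = ("ServicePrincipalSignInLogs", "ManagedIdentitySignInLogs")
DESTINATIONS = {
    "eventHubAuthorizationRuleId": "Event Hubs",
    "workspaceId": "Log Analytics",
    "storageAccountId": "Storage Account",
}

def audit_diagnostic_settings(response, required=REQUIRED):
    """Map each required category to the destinations that receive it."""
    coverage = {category: set() for category in required}
    for setting in response.get("value", []):
        props = setting.get("properties", {})
        dests = {label for key, label in DESTINATIONS.items() if props.get(key)}
        if not dests:
            continue  # a setting without a destination forwards nothing
        for log in props.get("logs", []):
            if log.get("enabled") and log.get("category") in coverage:
                coverage[log["category"]] |= dests
    return {category: sorted(d) for category, d in coverage.items()}

def missing_categories(response, required=REQUIRED):
    """Required categories that no enabled setting sends anywhere."""
    report = audit_diagnostic_settings(response, required)
    return [category for category, dests in report.items() if not dests]

# Constructed sample response (placeholder resource IDs, not real values).
SAMPLE = json.loads("""
{"value": [
  {"name": "to-siem", "properties": {
    "eventHubAuthorizationRuleId": "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.EventHub/namespaces/<ns>/authorizationRules/<rule>",
    "eventHubName": "<hub-name>",
    "logs": [
      {"category": "AuditLogs", "enabled": true},
      {"category": "SignInLogs", "enabled": true},
      {"category": "ServicePrincipalSignInLogs", "enabled": true},
      {"category": "ManagedIdentitySignInLogs", "enabled": false}]}},
  {"name": "no-destination", "properties": {
    "logs": [{"category": "ManagedIdentitySignInLogs", "enabled": true}]}}
]}
""")

if __name__ == "__main__":
    for category, dests in audit_diagnostic_settings(SAMPLE).items():
        print(f"{category}: {', '.join(dests) or 'NOT FORWARDED'}")
    print("missing:", missing_categories(SAMPLE))
```

In the sample, the Managed Identity category is reported as missing because it is disabled in the setting that targets Event Hubs and enabled only in a setting that has no destination.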

August 24, 2020 · August 25, 2020 · Posted in Azure, Cybersecurity · Tagged Azure AD, Event Hubs, Log Analytics, Managed Service Identities, Service Principals, Sign-In Logs
