question

AMAzure8060 avatar image
AMAzure8060 asked ·

Issues while configuring a Conditional Access policy in report-only mode (Preview)

Reports Only Policy selected (does not permit deselecting all ca policies but have to do so singlely)
Time range last 7 days (does not export anything beyond current date)
User: All users (does not detect by individual user or groups defined)

Sign in events results are not accurate. After query is run it displays only current date even though we selected older than 7 days or anything beyond 24 hrs.
We also export all columns to csv and the same results.
We are sure we have sign ins for the users in the group defined in the reports only CA policy.
If we run the report last week, it displayed for one user. If we run today it also display one user failed.
However we cannot historically see within 7 days all failed users if the ca policy is to be enabled.
There is a bug or usage issue?

Also for users, how do we select by individual user or group? How is that defined? I tried username, username@domain.com but nothing works. I also tried display name of the azure ad group, but also didn't return any sign in events.
Is it a bug or usage/clarification issue?

Lastly, there is no way to deselect all. By default all CA policies are selected. We have to deselect each policy individually by unchecking each one. Please add a method to deselect all as we have too many to deselect individually.

azure-active-directory
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MarileeTurscak avatar image
MarileeTurscak answered ·

Some of these may be limitations with the preview version I'm testing in my lab environment and reaching out to the PG to confirm if these are known issues.

As for sign-in events, you need a Premium license to see data beyond 7 days and if you only just started using the feature it may not show the older data. https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/troubleshoot-missing-audit-data

Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.