How to use Azure Monitor workbooks for Azure Active Directory reports

Do you want to:

  • Understand the effect of your Conditional Access policies on your users' sign-in experience?

  • Troubleshoot sign-in failures to get a better view of your organization's sign-in health and to resolve issues quickly?

  • Know who's using legacy authentications to sign in to your environment? (By blocking legacy authentication, you can improve your tenant's protection.)

To help you to address these questions, Active Directory provides workbooks for monitoring. Azure Monitor workbooks combine text, analytics queries, metrics, and parameters into rich interactive reports.

This article:

  • Assumes you're familiar with how to Create interactive reports by using Monitor workbooks.

  • Explains how to use Monitor workbooks to understand the effect of your Conditional Access policies, to troubleshoot sign-in failures, and to identify legacy authentications.

Prerequisites

To use Monitor workbooks, you need:

Roles

You must be in one of the following roles as well as have access to underlying Log Analytics workspace to manage the workbooks:

  • Global Admin
  • Security Admin
  • Security Reader
  • Report Reader
  • Application Admin

Workbook access

To access workbooks:

  1. Sign in to the Azure portal.

  2. On the left navigation pane, select Azure Active Directory.

  3. In the Monitoring section, select Workbooks.

    Select Insights

  4. Select a report or template, or on the toolbar select Open.

    Select Open

Sign-in analysis

To access the sign-in analysis workbook, in the Usage section, select Sign-ins.

This workbook shows the following sign-in trends:

  • All sign-ins

  • Success

  • Pending user action

  • Failure

You can filter each trend by the following categories:

  • Time range

  • Apps

  • Users

Sign-in analysis

For each trend, you get a breakdown by the following categories:

  • Location

    Sign-ins by location

  • Device

    Sign-ins by device

Sign-ins using legacy authentication

To access the workbook for sign-ins that use legacy authentication, in the Usage section, select Sign-ins using Legacy Authentication.

This workbook shows the following sign-in trends:

  • All sign-ins

  • Success

You can filter each trend by the following categories:

  • Time range

  • Apps

  • Users

  • Protocols

Sign-ins by legacy authentication

For each trend, you get a breakdown by app and protocol.

Legacy-authentication sign-ins by app and protocol

Sign-ins by Conditional Access

To access the workbook for sign-ins by Conditional Access policies, in the Conditional Access section, select Sign-ins by Conditional Access.

This workbook shows the trends for disabled sign-ins. You can filter each trend by the following categories:

  • Time range

  • Apps

  • Users

Sign-ins using Conditional Access

For disabled sign-ins, you get a breakdown by the Conditional Access status.

Conditional Access status

Sign-ins by grant controls

To access the workbook for sign-ins by grant controls, in the Conditional Access section, select Sign-ins by Grant Controls.

This workbook shows the following disabled sign-in trends:

  • Require MFA

  • Require terms of use

  • Require privacy statement

  • Other

You can filter each trend by the following categories:

  • Time range

  • Apps

  • Users

Sign-ins by grant controls

For each trend, you get a breakdown by app and protocol.

Breakdown of recent sign-ins

Sign-ins failure analysis

Use the Sign-ins failure analysis workbook to troubleshoot errors with the following:

  • Sign-ins
  • Conditional Access policies
  • Legacy authentication

To access the sign-ins by Conditional Access data, in the Troubleshoot section, select Sign-ins using Legacy Authentication.

This workbook shows the following sign-in trends:

  • All sign-ins

  • Success

  • Pending action

  • Failure

You can filter each trend by the following categories:

  • Time range

  • Apps

  • Users

Troubleshooting sign-ins

To help you troubleshoot sign-ins, Azure Monitor gives you a breakdown by the following categories:

  • Top errors

    Summary of top errors

  • Sign-ins waiting on user action

    Summary of sign-ins waiting on user action

Next steps

Create interactive reports by using Monitor workbooks.