One of the most common things we hear from our clients is their need to automatically access security related reports from Azure AD. With last week’s announcement from Microsoft about AAD Reporting APIs Public Preview, we now have that capability.
Azure AD already has a robust set of activity, security and audit reports, with some of the most useful provided within Azure AD Premium, and they can all easily be viewed within the Azure portal. With the new APIs, we can now programmatically access that data via “any tool or programming language which supports REST APIs with OAuth” and integrate it into a custom dashboard, Power BI/Excel, or your favorite SIEM solution.
The following reports can be accessed via the API:
- AuditEvents
- AccountProvisioningEvents
- SignInsFromUnknownSourcesEvents
- SignInsFromIPAddressesWithSuspiciousActivityEvents
- SignInsFromMultipleGeographiesEvents
- signInsAfterMultipleFailuresEvents
- signInsFromPossiblyInfectedDevicesEvents (AAD Premium)
- IrregularSignInActivityEvents (AAD Premium)
- allUsersWithAnomalousSignInActivityEvents (AAD Premium)
- CompromisedCredentialsEvent (AAD Premium)
Ready to get started? Check out this guide to Get Started with the Azure AD Reporting API.
