Skip to main content

Cloud

Azure Active Directory Reporting APIs Now Available

shutterstock_100605349 (2)One of the most common things we hear from our clients is their need to automatically access security related reports from Azure AD. With last week’s announcement from Microsoft about AAD Reporting APIs Public Preview, we now have that capability.
Azure AD already has a robust set of activity, security and audit reports, with some of the most useful provided within Azure AD Premium, and they can all easily be viewed within the Azure portal. With the new APIs, we can now programmatically access that data via “any tool or programming language which supports REST APIs with OAuth” and integrate it into a custom dashboard, Power BI/Excel, or your favorite SIEM solution.
The following reports can be accessed via the API:

  • AuditEvents
  • AccountProvisioningEvents
  • SignInsFromUnknownSourcesEvents
  • SignInsFromIPAddressesWithSuspiciousActivityEvents
  • SignInsFromMultipleGeographiesEvents
  • signInsAfterMultipleFailuresEvents
  • signInsFromPossiblyInfectedDevicesEvents (AAD Premium)
  • IrregularSignInActivityEvents (AAD Premium)
  • allUsersWithAnomalousSignInActivityEvents (AAD Premium)
  • CompromisedCredentialsEvent (AAD Premium)

Ready to get started? Check out this guide to Get Started with the Azure AD Reporting API.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Glenn Martin

More from this Author

Categories
Follow Us
TwitterLinkedinFacebookYoutubeInstagram