The Azure Active Directory portal gives you access to Sign-in logs which helps to track how your resources are used by users and get sign-in activity logs (success and failed log-ins). The Azure portal provides several options to access the Sign-in logs. In this post, we will explore how to view the logs and download the report to CSV or JSON file.
To access the Sign-in logs, you need to be a Global administrator or Security administrator, or Global reader. The sign-in activity report is available in all editions of Azure AD. If you want to access the report through the Microsoft Graph API, then you should have Azure Active Directory P1 or P2 license.
Export Azure AD Users Sign-In Logs from Azure AD portal
Follow the below steps to view and download the Sign-in audit logs.
- Sign in to the Azure portal, select Azure Active Directory.
- In the Azure Active Directory pane, on left-side navigation, scroll down to the bottom and select Sign-in logs in the Monitoring section.
- By default, the report will be generated for users’ interactive sign-in logs for the last 24 hours, you can change this interval as last 7 days or last 1 month or custom time interval.
- In the default view, the report loaded with default columns such as Sign-in date, username, application in which the user has signed in, sign-in status, IP address and location of the user, and conditional access policy that force multi-factor authentication (MFA) requirement. You can add more columns and customize the view by clicking Columns in the toolbar.
- You can also apply filters to get sign-in activity reports with specific criteria such as sign-in logs by the user, by sign status, by client app, and more…
- Once you generated the required sign-in activity report, you can download the result as CSV or JSON file by clicking the Download button in the toolbar.
Advertisement