Microsoft Entra audit logs collect all traceable activities within your Microsoft Entra tenant. Audit logs can be used to determine who made a change to service, user, group, or other item.
The sign-in logs provided by Microsoft Entra ID include interactive and non-interactive user sign-ins, as well as service principal and managed identity sign-ins.
Note: A Client Global Administrator or Cloud Application Administrator (least privileged) must consent to this URL to authorize this application.
This form will start a background task to “pull” Entra ID AuditLogs & SignInLogs. The retrieved records will be sent to Azure Data Explorer for analysis. “Pulls” typically take 5-20 minutes depending on the amount of records received.