Header image overlay

Monitor Basic Authentication with Azure AD Diagnostics

Our Microsoft Solution Architect Jente Vandijck carefully explains the procedure in this guide:

1. Log Analytics Workspace

1.1 CREATE Log Analytics Workspace

It is not necessary to create an extra LAW for each function. If an LAW already exists you can simply 'reuse' it.

Use the steps below to create a Log Analytics Workspace, if one does not already exist. If an LAW already exists it can be used (if the naming is reasonably ok).

  1. https://portal.azure.com
  2. Create a new Resource Group (prd-weu-law-rg) or choose the existing resource group which also contains the ASR resources.OPTIONAL: Register 'microsoft.insights' to be able to use Log Analytics Workspace. Normally this happens automatically when creating an LAW, but sometimes it goes wrong.
    1. https://portal.azure.com
    2. Subscriptions > Select your subscription > (Settings) Resource Providers
    3. Select insights and click on register.
  3. Create a new Resource (within the correct resource group) and search for Log Analytics Workspace. Click on it and then choose Create.

  4. Select the right subscription, the right resource group and give your workspace a name (prd-weu-law-001) Then click on Pricing Tier to go to the next step.
  5. Select Pay-as-you-go (Per GB 2018) as pricing tier. It is possible that you cannot choose another tier.
  6. Provide the necessary Tags (important for governance!)
  7. Click on Review + Create & then on Create To create the Log Analytics Workspace


By Default no (log) data will be sent from Azure AD to the Log Analytics Workspace - this has to be done manually.

  1. https://portal.azure.com
  2. Go to Azure Active Directory.
  3. Click on (Monitoring) Diagnostic Settings and then on +Add diagnostic setting.
  4. Check under log all the logs. Choose at Destination details then Send to Log Analytics workspace and select the correct (recently created) LAW. Don't forget to click on Save.

Note: These logs can now also be used to monitor access to the emergency account!


2. Basic Authentication Monitoring

2.1 Workbooks

After activating the diagnostics settings, you will see under (Monitoring) Workbooks see different workbooks. These are by default in Azure AD and do not need to be created.

The workbook we need to monitor basic authentication is Sign-ins using Legacy Authentication.

Click on the workbook to see all the login with basic authentication. Please note: if your LAW is recently created, there will obviously not be many logs available yet.

2.2 Sign-In Logs

A second, but not so straightforward method of monitoring legacy sign-ins is through the Azure AD Sign-in Logs.

  1. https://portal.azure.com
  2. Go to Azure Active Directory
  3. Click on (Monitoring) Sign-ins
  4. Click on +Add Filters and select Client App.

Then select all Legacy protocols.

"Need technical support in setting up your Azure Active Directory? Then our experts can certainly help."
A 100% Belgian data center optimized for the hybrid model. Discover the advantages for your organization in this webinar!

Written by:

Jente Vandijck
Microsoft Solution Architect

As a certified Microsoft Azure Solution Architect, Jente knows the Microsoft Cloud like no other. To satisfy his technical hunger for knowledge, and to share it with the outside world, please visit his blog AzureScene.

What will the future bring? Get an exclusive tour & plenty of inspiring sessions at the revamped Living Tomorrow. It promises to be another great and educational year-end event! See you there?

Attention: limited number of places!