Overlay | VanRoey.be

Monitor Basic Authentication with Azure AD Diagnostics


Our Microsoft Solution Architect Jente Vandijck carefully explains the procedure in this guide:

1. Log Analytics Workspace

1.1 CREATE Log Analytics Workspace

It is not necessary to create a separate LAW for each function. If an LAW already exists, you can simply reuse it (provided the naming is reasonably OK). If one does not exist yet, use the steps below to create a Log Analytics Workspace.

  1. https://portal.azure.com
  2. Create a new Resource Group (prd-weu-law-rg) or choose the existing resource group which also contains the ASR resources.
     OPTIONAL: Register 'microsoft.insights' to be able to use Log Analytics Workspace. Normally this happens automatically when creating an LAW, but sometimes it goes wrong.
    1. https://portal.azure.com
    2. Subscriptions > Select your subscription > (Settings) Resource Providers
    3. Select microsoft.insights and click on Register.
  3. Create a new Resource (within the correct resource group) and search for Log Analytics Workspace. Click on it and then choose Create.

  4. Select the right subscription and the right resource group, and give your workspace a name (prd-weu-law-001). Then click on Pricing Tier to go to the next step.
  5. Select Pay-as-you-go (Per GB 2018) as pricing tier. It is possible that you cannot choose another tier.
  6. Provide the necessary Tags (important for governance!)
  7. Click on Review + Create and then on Create to create the Log Analytics Workspace.

1.2 SEND Azure AD DIAGNOSTICS TO LAW

By default, no (log) data is sent from Azure AD to the Log Analytics Workspace; this has to be configured manually.

  1. https://portal.azure.com
  2. Go to Azure Active Directory.
  3. Click on (Monitoring) Diagnostic Settings and then on +Add diagnostic setting.
  4. Under Logs, check all the log categories. Under Destination details, choose Send to Log Analytics workspace and select the correct (recently created) LAW. Don't forget to click on Save.

Note: These logs can now also be used to monitor access to the emergency account!

 

2. Basic Authentication Monitoring

2.1 Workbooks

After activating the diagnostic settings, you will see several workbooks under (Monitoring) Workbooks. These are available by default in Azure AD and do not need to be created.

The workbook we need to monitor basic authentication is Sign-ins using Legacy Authentication.

Click on the workbook to see all sign-ins that used basic authentication. Please note: if your LAW was created recently, there will obviously not be many logs available yet.

2.2 Sign-In Logs

A second, less straightforward method of monitoring legacy sign-ins is through the Azure AD Sign-in Logs.

  1. https://portal.azure.com
  2. Go to Azure Active Directory
  3. Click on (Monitoring) Sign-ins
  4. Click on +Add Filters and select Client App.

Then select all Legacy protocols.
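
The same legacy sign-ins can also be queried directly in the workspace (Logs blade of the LAW). The query below is an added example, not part of the original guide; it assumes the sign-in logs were selected in step 1.2, and the 30-day window and the rule that any client app other than "Browser" and "Mobile Apps and Desktop clients" counts as legacy are assumptions.

```kusto
// Added example: summarize legacy (basic) authentication sign-ins per user and protocol
// from the SigninLogs table that the diagnostic setting in section 1.2 fills.
let lookback = 30d;   // assumed window, adjust to the retention of your workspace
// Assumption: these two values are the modern-authentication client apps;
// every other non-empty ClientAppUsed value is treated as a legacy protocol.
let modernClients = dynamic(["Browser", "Mobile Apps and Desktop clients"]);
SigninLogs
| where TimeGenerated > ago(lookback)
| where isnotempty(ClientAppUsed) and ClientAppUsed !in (modernClients)
// ResultType "0" is a successful sign-in; anything else is an error code
| extend Outcome = iff(ResultType == "0", "Success", "Failure")
| summarize
    Successes = countif(Outcome == "Success"),
    Failures  = countif(Outcome == "Failure"),
    SourceIPs = dcount(IPAddress),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated)
    by UserPrincipalName, ClientAppUsed, AppDisplayName
// Successful legacy sign-ins first: these are the accounts and apps that
// will break when basic authentication is blocked
| order by Successes desc, Failures desc
```

Rows with only failures and many source IPs are worth reviewing separately, since they typically indicate password guessing against a legacy protocol rather than a real client that still needs migrating.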


Written by:

Jente Vandijck
Microsoft Solution Architect

As a certified Microsoft Azure Solution Architect, Jente knows the Microsoft Cloud like no other. To satisfy his technical hunger for knowledge, and to share it with the outside world, please visit his blog AzureScene.
