VanRoey Logo
VanRoey Logo
menu
Header image overlay

Monitor Basic Authentication with Azure AD Diagnostics

Our Microsoft Solution Architect Jente Vandijck carefully explains the procedure in this guide:

1. Log Analytics Workspace

1.1 CREATE Log Analytics Workspace

It is not necessary to create an extra LAW for each function. If an LAW already exists you can simply 'reuse' it.

Use the steps below to create a Log Analytics Workspace, if one does not already exist. If an LAW already exists it can be used (if the naming is reasonably ok).

  1. https://portal.azure.com
  2. Create a new Resource Group (prd-weu-law-rg) or choose the existing resource group which also contains the ASR resources.OPTIONAL: Register 'microsoft.insights' to be able to use Log Analytics Workspace. Normally this happens automatically when creating an LAW, but sometimes it goes wrong.
    1. https://portal.azure.com
    2. Subscriptions > Select your subscription > (Settings) Resource Providers
    3. Select insights and click on register.
  3. Create a new Resource (within the correct resource group) and search for Log Analytics Workspace. Click on it and then choose Create.

  4. Select the right subscription, the right resource group and give your workspace a name (prd-weu-law-001) Then click on Pricing Tier to go to the next step.
  5. Select Pay-as-you-go (Per GB 2018) as pricing tier. It is possible that you cannot choose another tier.
  6. Provide the necessary Tags (important for governance!)
  7. Click on Review + Create & then on Create To create the Log Analytics Workspace

1.2 SEND Azure AD DIAGNOSTICS TO LAW

By Default no (log) data will be sent from Azure AD to the Log Analytics Workspace - this has to be done manually.

  1. https://portal.azure.com
  2. Go to Azure Active Directory.
  3. Click on (Monitoring) Diagnostic Settings and then on +Add diagnostic setting.
  4. Check under log all the logs. Choose at Destination details then Send to Log Analytics workspace and select the correct (recently created) LAW. Don't forget to click on Save.

Note: These logs can now also be used to monitor access to the emergency account!

 

2. Basic Authentication Monitoring

2.1 Workbooks

After activating the diagnostics settings, you will see under (Monitoring) Workbooks see different workbooks. These are by default in Azure AD and do not need to be created.

The workbook we need to monitor basic authentication is Sign-ins using Legacy Authentication.

Click on the workbook to see all the login with basic authentication. Please note: if your LAW is recently created, there will obviously not be many logs available yet.

2.2 Sign-In Logs

A second, but not so straightforward method of monitoring legacy sign-ins is through the Azure AD Sign-in Logs.

  1. https://portal.azure.com
  2. Go to Azure Active Directory
  3. Click on (Monitoring) Sign-ins
  4. Click on +Add Filters and select Client App.

Then select all Legacy protocols.

"Need technical support in setting up your Azure Active Directory? Then our experts can certainly help."
Clippy forces you to follow us.
  • Webinar
VanRoey.be Private Cloud | VanRoey.be
VanRoey.be Private Cloud | VanRoey.be

VanRoey Private Cloud

A 100% Belgian data center optimized for the hybrid model. Discover the advantages for your organization in this webinar!
Get Free Access

Written by:

Profile picture Jente Vandijck | VanRoey.be
LinkedIn icon
Jente Vandijck
Microsoft Solution Architect

As a certified Microsoft Azure Solution Architect, Jente knows the Microsoft Cloud like no other. To satisfy his technical hunger for knowledge, and to share it with the outside world, please visit his blog AzureScene.

Related info

Microsoft Azure

Azure Enterprise Cloud | VanRoey.be

VanRoey Private Cloud

VanRoey.be Private Cloud | VanRoey.be

Azure Site Recovery

Azure Cloud Security

Azure File Sync

Azure Cloud

Let our experts guide you

Like thousands of organisations, rely on our knowledge & experience to work out your ideal network, data centre, IT security, CRM / ERP, meeting rooms or digital workplace...

Ask your question


Thanks to the Fortinet Security Fabric, a single security platform allows us to manage all our devices centrally and conveniently, without sacrificing data nor Internet accessibility! Watch video case...
Luc Smet
Luc SmetICT-NIM Teamleader


What I appreciate most about VanRoey is their hands-on approach and no-nonsense corporate culture. Moreover, they don't just answer the question, but they really do think along. For us, this has led to a deeper understanding and solutions that exactly fill our needs. Watch video case...
Steven BruynseelsIT Operations Manager


Switching to telephony via Teams went smoothly. Communication is very important to me in such projects. The cooperation between us, Telenet and VanRoey went very smoothly. Watch video case...
Gert Torah
Gert TorahIT Manager


I've worked with many companies before, but the approach of VanRoey is really quite unparalleled. With VanRoey.be we found the IT partner we were looking for. Read the case...
Raf De Leu
Raf De LeuIT Manager


We are very satisfied with the cooperation with VanRoey. Their people have a extensive knowledge and, in addition, can be used on a understandable way ...to transfer. Read the case...
Kim Kerkhofs
Kim KerkhofsExecutive assistant


Quality pays for itself over the years anyway, both for construction projects and in ICT. We therefore opted for the VanRoey ecosystem: the right solutions, the right brands, expertise and flexibility, with high reliability as a result. Read the case...
Martin Björklund
Martin BjörklundICT administrator

Newsletter  | Linkedin

LinkedIn Spotify Instagram Facebook-f Youtube Newspaper

Conditions – PartnershipsSatisfaction survey - VanRoey

  BC-Certified-logo_ISO-27001

Our Solutions

Managed IT Services
Security audit
Expertise Services

IT Security Strategy
Train Your Staff (Awareness)
Network Security
Firewalls
Antivirus
Endpoint Defence & Response (EDR)
Cybersecurity for Government (Smals)
Smart AI camera surveillance

VanRoey Private Cloud (IaaS)
Servers & Storage
Apps & device management
Backup Solutions
Networking & Wifi
Internet line & IP VPN
Azure Cloud Solutions
AI-powered CCTV

Copilot AI
Microsoft 365 / Office 365
Microsoft Teams
Microsoft SharePoint
CTOUCH Touchscreens
HP Business Notebooks
Dell XPS & Latitudes
Professional Printers

ERP & CRM With Dynamics 365
Power Platform
Dynamics 365 Real Estate
GPS Tracking(Sensolus) / Indoor tracking (Pozyx)

Events

Training

Experience Center

Jobs

About

ESG

Kempus

Customer Area

Contact
Living Tomorrow building

Event: 30 Nov

IT Inspiration Day

What will the future bring? Get an exclusive tour & plenty of inspiring sessions at the revamped Living Tomorrow. It promises to be another great and educational year-end event! See you there?

Info & registration

Attention: limited number of places!