Conditional Access - Insights & Reporting

Are you a fan of statistics and graphs to help find gaps within your identity security? There's a feature under the hood of Entra's Conditional Access Policies that you may not be aware of called "Insights and Reporting" that gives you a wealth of useful information just for that job (example below).

IMPORTANT!!

Before configuring, please be aware that log ingestion isn't free. So depending on the environment you're looking to configure this in, you'll need to monitor costs accordingly.

Let's get you started....

Here's a high level overview of what we're going to implement. Firstly you'll need a Log Analytics Workspace , so for this exercise I'd recommend creating a dedicated one. Also ensure you have a Resource Group available to locate the new Workspace.

Within the Azure portal, go to Log Analytics Workspaces and click "Create" at the top.

Select the appropriate Subscription & Resource Group, then enter the name for your new Workspace along with it's location. Click Review + Create.

Note: I like my naming conventions, so feel free to steal!

Navigate to Microsoft Entra ID > Diagnostic Settings and click "+ Add diagnostic setting".

Choose which types of logs you want to ingest and tick "Send to Log Analytics Workspace", then select the subscription and workspace you just set up.

And thats it!!!

When you navigate to Conditional Access > Insights and Reporting, you'll see the page active, but will need to wait for data ingestion.

I'll be delving in to different options for event logging and reporting over the coming weeks / months to identify appropriate options to suit budgets and needs. In the meantime, I hope this has been helpful to someone and thanks for reading :)