Back to Blog
Aad logs6/23/2023 ![]() ![]() Technically, in Azure AD, there are individual logs for a different types of sign-ins: ![]() Finally, at the end of May, I had time for That a public preview for AD FS sign-ins in Azure AD reporting is available to all customers.Īs soon as this was announced, I took a brief look and noticed that the agent is using Azure service bus (same than PTA authentication and Azure Web Application Proxy). The Health Agent for AD FS has been there for years to report the health of the service. ![]() License requirements to use Azure AD Connect Health is Azure AD Premium P1 or P2. To get things going, an agent need to be installed on each AD FS and proxy server. # Get the computer host name $env:COMPUTERNAME SERVER The service represents the AD FS service and has the name equal to the hostname property of AD FS service: The logical structure of the hybrid health AD FS services in ArchiMate notation can be seen below: ![]() Also, it makes the key data points about these components easily accessible.Īfter configuration and installation, we can see the health of AD FS services in the Azure AD Portal: This reliability is achieved by providing monitoring capabilities for your key identity components. It enables you to maintain a reliable connection to Microsoft 365 and Microsoft Online Services. Per Azure AD Connect Health documentation:Īzure Active Directory (Azure AD) Connect Health provides robust monitoring of your on-premises identity infrastructure. Moreover, I’ll show how Global Administrators can register fake agents to Azure AD - even for tenants not using AD FS at all. In this write-up (based on a Threat Analysis report by Secureworks), I’ll explain how anyone with a local administrator access to AD FS server (or proxy), can create arbitrary sign-ins events to Azure AD sign-ins log. Since March 2021, also AD FS sign-in events are gathered and sent to Azure AD. Health information is gathered by agents installed on each on-prem hybrid server.
0 Comments
Read More
Leave a Reply. |