Query Details
Auth Token Issuer
Query
// AzureAD backup authentication system has been introduced in November 2021 to increase resilience of this core service. Sign-in logs offers insights about tokens which has been reissued by the backup service. // More details about the backup system: https://learn.microsoft.com/en-us/azure/active-directory/architecture/backup-authentication-system?WT.mc_id=AZ-MVP-5003945 union SigninLogs, AADNonInteractiveUserSignInLogs | where TimeGenerated >ago(30d) | summarize count() by (TokenIssuerType), bin(TimeGenerated, 1d) | render timechart
Explanation
This query combines the SigninLogs and AADNonInteractiveUserSignInLogs tables to analyze token reissuance by the AzureAD backup authentication system. It filters the data to include only the last 30 days and groups the results by TokenIssuerType. The output is then visualized as a time chart.
Details
Thomas Naunheim
Released: September 28, 2023
Tables
SigninLogsAADNonInteractiveUserSignInLogs
Keywords
SigninLogs,AADNonInteractiveUserSignInLogs,TimeGenerated,TokenIssuerType
Operators
unionwheresummarizebybinrender