Query Details

Visualization Conditional Access Sign In Failures

Query

# Visualization SignIn Failures due to Conditional Access Policy

## Query Information

#### Description
This visualisation returns the failure types in your tenant that are related to a Conditional Access failure. It can be used to determine which failures are related to a policy, whether strange activity is being performed, or whether a policy needs to be tuned in a specific manner.

#### References
- https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-error-codes

## Sentinel
```KQL
SigninLogs
| where ResultDescription has "Conditional Access"
| summarize Total = count() by ResultType, ResultDescription
| render barchart with(title="Conditional Access Failures")
```

Explanation

This query retrieves information about the types of failures related to conditional access policies in your tenant. It counts the occurrences of each failure type and displays them in a bar chart visualization. This can help identify any unusual activity or determine if any policy adjustments are needed.
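To see which policy is behind each failure type, the same filter can be broken down per policy. This is an added example, not part of the original query. It assumes the `ConditionalAccessPolicies`, `UserPrincipalName`, `AppDisplayName` and `TimeGenerated` columns of the `SigninLogs` schema, and the 7-day window is an arbitrary choice.

```kql
// Added example: per-policy breakdown of Conditional Access sign-in failures.
SigninLogs
// Assumption: 7-day lookback; adjust to your retention and review cadence.
| where TimeGenerated > ago(7d)
| where ResultDescription has "Conditional Access"
// ConditionalAccessPolicies is a dynamic array with one entry per evaluated policy.
| mv-expand Policy = ConditionalAccessPolicies
// Keep only the policies that actually failed for this sign-in,
// dropping entries that were not applied or that succeeded.
| where tostring(Policy.result) == "failure"
| summarize
    Failures = count(),
    AffectedUsers = dcount(UserPrincipalName),
    Apps = make_set(AppDisplayName, 10)
    by PolicyName = tostring(Policy.displayName), ResultType, ResultDescription
| sort by Failures desc
```

A policy with many failures spread over many users is a tuning candidate, while failures concentrated on a few accounts are worth reviewing as possible unusual activity.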

Details

Bert-Jan Pals

Released: October 18, 2023

Tables

SigninLogs

Keywords

Devices, Intune, User

Operators

where, has, summarize, count, by, render