Azure Security & Activity Reports

About Security & Activity Reports

A brand-new Security & Activity tab in Azure Reports brings nine premium Microsoft Entra ID reports together in one place — sign-in and audit activity, identity-protection risk, conditional access, MFA registration, and privileged-role eligibility. These reports surface the security and activity data that on-premises Active Directory simply doesn't have.

Premium tier: Each report is labeled P1 or P2 for the Microsoft Entra ID license it needs. If you're missing a license or admin consent, AD Reports shows a clear License Required or Permission Required message instead of a cryptic error. Consent for premium data is requested only when you run a report — your normal sign-in and free-tier Azure reports are never affected.

Example: Azure Security & Activity tab in AD Reports

Available Reports

Sign-In Logs [P1]

Interactive and non-interactive sign-in events from your tenant — who signed in, when, from where, on which app, and whether it succeeded or failed.

User Sign-In Activity [P1]

Per-user last-sign-in summary (signInActivity) — the fastest way to find dormant cloud accounts that haven't authenticated in months.

Directory Audit Logs [P1]

Directory changes — user, group, role, and policy modifications — with the actor, target, and timestamp for each change.

Provisioning Logs [P1]

Records of accounts provisioned to and from connected apps — useful for tracking SCIM / app provisioning successes and failures.

MFA Registration [P1]

Per-user multi-factor authentication registration status — who is registered for MFA / passwordless methods and who is still a gap.

Conditional Access Policies [P1]

Inventory of every Conditional Access policy with its state, assignments, conditions, and grant controls — a one-glance review of your access posture.

Risky Users [P2]

Microsoft Entra ID Protection risky users with their risk level and risk state — the accounts most likely to be compromised.

Risk Detections [P2]

Individual Identity Protection risk detections (anonymous IP, impossible travel, leaked credentials, and more) with detection type, level, and timestamp.

PIM Eligible Roles [P2]

Privileged Identity Management eligible role assignments — who can activate privileged directory roles, even when not currently active.

What [P1] and [P2] Mean

P1 reports (sign-in / audit / provisioning logs, MFA registration, conditional access) require a Microsoft Entra ID P1 license.

P2 reports require a Microsoft Entra ID P2 license, which adds Identity Protection (Risky Users, Risk Detections) and Privileged Identity Management (PIM Eligible Roles). The exact requirement is shown next to each report inside AD Reports, and unavailable reports explain precisely what's missing.