Azure AD Sign-in logs are the go-to place for troubleshooting user sign-ins, tracking malicious login attempts and analyzing Conditional Access policies for Microsoft 365. There are a lot of recent updates which make traversing the Sign-in logs more user friendly and speed up troubleshooting. Some of the recent updates are visibility of refresh tokens and application sign-ins. Another interesting feature currently in Preview is Conditional Access Policy Details.
The new Policy Details slide out gives us a fantastic, easy to interoperate view of the logic behind if a policy has been applied or not. To access the Policy Details feature, simply navigate to a user sign-in as normal and open the Conditional Access tab.
From here, click on the name of the policy and the Policy Details pane will slide out from the right of the page.
Here we can see step by step exactly what happened with our Conditional Access policy. We see the criteria applied in the policy and the results of each step. This feature adds to the already brilliant Azure AD Sign-In logs experience and will save admins a lot of time troubleshooting and testing Conditional Access Policies.
For more information on using the Sign-in Logs, check out this Microsoft Article: