Tag: Get-MgBetaAuditLogSignIn

Interpreting SignIn Audit Records for Service Principals

Posted on by Tony Redmond
Interpreting service principal signin data

Entra ID retains audit log records for service principal signins for 30 days. The audit data can reveal some interesting insights such as the presence of unexpected service principals or access to an application from an external source, or even the use of an app secret by an application instead of a more secure method. It’s time to write some PowerShell to interpret the data.

Lessons Learned from Using Azure Automation with PowerShell Scripts

Posted on by Tony Redmond
Azure Automation PowerShell finding audit log records.

I’ve spent some time investigating Azure Automation PowerShell recently. In this article, I discuss three learnings that might be of interest to others. Debugging, cost, and tracking the use of Azure Automation PowerShell might not interest everyone, but they’ve certainly helped me to understand how the platform works.