Sonntag, 2. Mai 2021

Showing Azure AD Sign-in locations in a world map

 "We need an overview showing from where people are logging on to our Microsoft Cloud environment."  This requirement came up as part of a project.And the first approach was to use the features that are directly available in Microsoft Cloud solutions:

Azure AD Sign-In Logs:

Here, however, came the request to display this info on a world map to visually see where the login-ins came from. Cloud App Security offers this feature as a standard feature on the dashboard (https://portal.cloudappsecurity.com/#/dashboard).

Cloud App Security:

However, the Cloud App Security feature is not available in all license bundles, and the dashboard can only be filtered by the apps used.

Solution

The Azure AD sign-in logs are also available as a workbook template in Azure Sentinel. And this workbook template can be customized / extended:

To add a world map to the standard workbook with the regions from which the accesses occurred, the following steps are necessary:

  • Azure Sentinel -> Workbooks -> Azure AD Sign-in logs -> View saved Workbook. (See screenshot above)
  • In the upper left pane, "Select Edit" and then on the "Sign-ins by Location" report, select the "Edit" option for that report:
  • In the edit mode the button "Add -> Add Query" is available. In the new query that is created, copy the text from the query "Sign-ins by Location" and select "Map" as visualization:
  • The values for "Location Info using" and "Country/Region field" in the Map Settings must be configured at least:
  • Result:

The workbook and therefore the map can now be filtered by the following values:
  • TimeRange
  • Apps
  • Users
  • Category (Sign-in Logs / Non interactive sign-in logs)

Related topics

The Traffic Analytics feature focuses on the following scenarios: https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics

    • Visualize network activity across your Azure subscriptions and identify hot spots.
    • Identify security threats to, and secure your network, with information such as open-ports, applications attempting internet access, and virtual machines (VM) connecting to rogue networks.
    • Understand traffic flow patterns across Azure regions and the internet to optimize your network deployment for performance and capacity.
    • Pinpoint network misconfigurations leading to failed connections in your network. 












Keine Kommentare:

Kommentar posten