# How to: View applied conditional access policies in the Azure AD sign-in logs
23
23
24
-
With conditional access policies, you can control, how your users get access to the resources of your Azure tenant. As an tenant admin, you need to be able to determine what impact your conditional access policies on your users’ sign-in have, so that you can take action if necessary. The sign-in logs in Azure AD provide you with the information you need to assess the impact of your policies.
24
+
With conditional access policies, you can control, how your users get access to the resources of your Azure tenant. As an tenant admin, you need to be able to determine what impact your conditional access policies have on sign-ins to your tenant, so that you can take action if necessary. The sign-in logs in Azure AD provide you with the information you need to assess the impact of your policies.
25
25
26
26
27
27
This article explains how you can get access to the information about applied conditional access policies.
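Review bot: The rewritten opening paragraph still carries two grammar errors from the old text: the stray comma in "you can control, how your users get access" and "As an tenant admin". Since this line is being touched anyway, change it to "you can control how your users get access" and "As a tenant admin" in the same commit.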
@@ -42,10 +42,7 @@ Some scenarios require you to get an understanding for how your conditional acce
42
42
-**Tenant administrators** who need to verify that conditional access policies have the intended impact on the users of a tenant.
43
43
44
44
45
-
46
-
using the Azure Portal, MS Graph, and PowerShell.
47
-
48
-
45
+
You can access the sign-in logs using the Azure Portal, MS Graph, and PowerShell.
49
46
50
47
51
48
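Review bot: The new sentence "You can access the sign-in logs using the Azure Portal, MS Graph, and PowerShell." names the API as "MS Graph", while the permissions section further down calls it just "Graph". Pick one name and use it throughout, ideally the full "Microsoft Graph" on first mention. It would also help readers if each of the three access methods pointed to the section that covers it, since the required roles and app permissions differ between portal and API access.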
@@ -88,7 +85,7 @@ The following built in roles grant permission to view sign-in logs:
88
85
89
86
## Required permissions for client apps
90
87
91
-
If you use a client app to pull sign-in logs from Graph, your app needs permissions to receive the appliedConditionalAccessPolicy object from Graph. We recommend assigning Policy.Read.ConditionalAccess because it is the least privileged permission. Any of the following permissions is sufficient for a client app to access applied CA policies in sign-in logs through Graph:
88
+
If you use a client app to pull sign-in logs from Graph, your app needs permissions to receive the **appliedConditionalAccessPolicy** object from Graph. As a best practice, assign **Policy.Read.ConditionalAccess** because it is the least privileged permission. Any of the following permissions is sufficient for a client app to access applied CA policies in sign-in logs through Graph:
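Review bot: In the reworded permissions paragraph, "As a best practice, assign **Policy.Read.ConditionalAccess**" is immediately followed by "Any of the following permissions is sufficient", which reads as if the broader permissions in the list are equally good choices. Consider stating that the other permissions are listed only because an app that already holds one does not need an additional grant, and that a new app should request only Policy.Read.ConditionalAccess. Two smaller points: the object and permission names are identifiers and would read better in code formatting than in bold, and "CA policies" is used without the abbreviation being introduced in this paragraph.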