Identity and access reports API overview

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

With Microsoft Graph, you can programmatically access identity and access reports to monitor and troubleshoot all activities in your tenant. In addition, you can analyze these logs with Azure Monitor logs and Log Analytics, or stream them to third-party SIEM tools for further investigation.

The availability of all Microsoft Entra identity and access reports is governed by the Microsoft Entra data retention policies.

Available reports

Application activity reports

AD FS application activity

The AD FS application activity report provides information about how a relying party is configured with Active Directory Federation Services (AD FS), its aggregated usage, and whether the relying party configuration can be migrated to Microsoft Entra ID. For more information, see the relyingPartyDetailedSummary resource.

Application credential activity (preview)

This report is available through the appCredentialSignInActivity resource type and details the usage of an app credential (secret, certificate, or federated identity credential) in your tenant.

Service principal sign-in activity (preview)

This report is available through the servicePrincipalSignInActivity resource type and details the sign-in activity for a service principal in your tenant. The sign-in activity can cover delegated or application-only scenarios. For application-only scenarios, the application credential activity provides additional information on the credential usage.
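The following is an added example, not code from the original page or from Microsoft: a credential-hygiene check a defender might run over records exported from the application credential activity report. The record shape (appId, keyId, keyType, expirationDateTime, signInActivity.lastSignInDateTime) is assumed from the beta appCredentialSignInActivity resource type, and the sample records, thresholds and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records shaped like appCredentialSignInActivity objects.
# Field names are assumed from the beta resource type; all values are made up.
SAMPLE_ACTIVITIES = [
    {"appId": "app-0001", "keyId": "key-a", "keyType": "clientSecret",
     "expirationDateTime": "2025-12-01T00:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2025-05-30T08:15:00Z"}},
    {"appId": "app-0002", "keyId": "key-b", "keyType": "certificate",
     "expirationDateTime": "2026-03-01T00:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2024-11-02T10:00:00Z"}},
    {"appId": "app-0003", "keyId": "key-c", "keyType": "clientSecret",
     "expirationDateTime": "2025-06-10T00:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2025-05-31T23:00:00Z"}},
    {"appId": "app-0004", "keyId": "key-d", "keyType": "clientSecret",
     "expirationDateTime": "2025-09-01T00:00:00Z",
     "signInActivity": None},
]

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; a missing value stays None."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def review_credentials(activities, now, stale_after_days=90, expiry_warning_days=30):
    """Return (appId, keyId, finding) tuples for credentials that need review."""
    findings = []
    for rec in activities:
        activity = rec.get("signInActivity") or {}
        last_used = parse_ts(activity.get("lastSignInDateTime"))
        expires = parse_ts(rec.get("expirationDateTime"))
        if last_used is None:
            # No use within the retained report data: candidate for removal.
            findings.append((rec["appId"], rec["keyId"], "no-recorded-use"))
        elif now - last_used > timedelta(days=stale_after_days):
            findings.append((rec["appId"], rec["keyId"], "stale"))
        # A credential still in use but close to expiry needs rotation.
        if expires and last_used and \
                timedelta(0) <= expires - now <= timedelta(days=expiry_warning_days):
            findings.append((rec["appId"], rec["keyId"], "expiring-in-use"))
    return findings

if __name__ == "__main__":
    as_of = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for finding in review_credentials(SAMPLE_ACTIVITIES, as_of):
        print(*finding)
```

Because report availability follows the tenant's data retention policies, "no-recorded-use" means no use within the retained window, not necessarily no use ever.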

Application sign-in

Evaluate the usage of application sign-ins in your tenant using either a summary report or a report that provides details of sign-ins, such as the number of sign-ins and whether any errors occurred during sign-in.

Application user activity (preview)

In Microsoft Entra External ID for external tenants where you have registered apps that customers sign in to, you can track sign-in and sign-up user activities. You can query and analyze data for daily active users, monthly active users, total users, new users, authentications, requests, and multifactor authentication usage. For more information, see the dailyUserInsightMetricsRoot resource type and monthlyUserInsightMetricsRoot resource type.

Health reports (preview)

  • Monitor Microsoft Entra availability and SLA compliance. This report is available on the Microsoft Entra portal through Monitoring and health tab group > Health > SLA attainment.
  • Monitor the health of various Microsoft Entra and Microsoft 365 services through the serviceActivity resource type and its associated API operations. For example:
    • Success and failure metrics for important events within your tenant, such as MFA sign-in success and failure metrics, and Conditional Access sign-in metrics for managed and compliant devices. These reports are available on the Microsoft Entra portal through Monitoring and health tab group > Health > Scenario Monitoring.
    • Health status for Microsoft 365 services including Exchange Online, Teams, and different Microsoft 365 apps like Word, PowerPoint, Visio, and Excel.
  • Retrieve signals for different alerts relating to Microsoft Entra services with Microsoft Entra Health monitoring APIs.

Registration and usage

Authentication methods activity reports provide information on the registration and usage of authentication methods in your tenant. For example, how many users are registered for an authentication method, how many are capable of MFA or SSPR, and so on. You can determine which authentication methods are more successful for your organization, what types of errors end users are running into, and what campaign you need to run to help your end users adopt the use of SSPR and MFA.

For more information, see authentication method usage APIs.

Microsoft Entra audit logs

Audit logs are available for sign-ins, activities in the directory, and provisioning. For more information, see Microsoft Entra audit logs.