What information does Rencore Governance provide for Azure Active Directory?

This article details information that Rencore Governance provides for Azure AD

This service scans Azure Active Directory (Azure AD) which is a cloud-based identity and access management solution. This service currently scans the component of Azure AD as detailed below:

Azure AD Sign Ins

An Azure AD Sign-In contains information about the usage of managed applications and user sign-in activities. The following properties are currently part of the Azure AD Sign Ins object in Rencore Governance: 

  • Display Name
  • Id
  • Activity Date
  • User
  • UserPrincipalName
  • UserId
  • ClientAppUsed
  • AppId
  • CorrelationId
  • Error Code
  • AppDisplayName
  • IpAddress
  • Conditional Access Status
  • Is Interactive
  • Unlikely Travel
  • Anonymized IP Address
  • Malicious IP Address
  • Unfamiliar Features
  • Malware Infected IP Address
  • Suspicious IP Address
  • Leaked Credentials
  • Investigations Threat Intelligence
  • Generic
  • Unknown Future Value
  • Risk Level Aggregated
  • Risk Detail
  • Risk Level During SignIn
  • Risk State
  • Failure Reason
  • Additional Details
  • Device Id
  • Display Name Device
  • Browser
  • Operating System
  • City
  • State
  • Country Or Region

Directory Audits

A directory audit provides traceability through logs for all changes done by various features within Azure AD. Examples of audit logs include changes made to any resources within Azure AD like adding or removing users, apps, groups, roles, and policies. The following properties are currently part of the Directory Audits object in Rencore Governance: 

  • Display Name
  • Id
  • Category
  • CorrelationId
  • Result
  • Result Reason
  • Activity Display Name
  • Activity Date
  • Logged By Service
  • User Principal Name
  • User
  • UserId
  • User Display Name
  • Ip Address
  • App Name