Detect Logons Outside of Trusted Locations in Microsoft Entra ID

How to Detect Logons Outside of Trusted Locations in Microsoft Entra ID

  1. Open portal.azure.com -> Click “Azure Active Directory”.

  2. In the Monitoring section, click “Sign-ins”.

  3. Click Download -> CSV.

  4. Import the resulting file into Microsoft Excel:

    • In Excel, click File -> Open –> Choose the file you just downloaded.

    • In the Text Import Wizard, choose Data Type = “Delimited” and tick the “My data has headers” box -> Click Next.

    • In the Delimiters section, tick “Comma” -> Click Next.

    • Scroll through the fields preview and choose “Do not import column (skip)”, leaving only following columns: Date (UTC), User, Username, IP address, Location, Status. (For more logon details, you can also leave the “Application”, “Resource”, “Authentication requirement”, “Browser”, “Operating System” fields checked.) -> Click “Finish”.

  5. Filter by trusted locations (or IP addresses) using the “Location” (or “IP address”) column.

  6. Review the results:

How to Detect Sign-ins from Outside Trusted Locations in Azure AD - Native Auditing

REFERENCES

PreviousEnable QR code support and set require MFA to all usersNextExchange Admin

Last updated

Was this helpful?