How can I track sign-ins from non-Entra joined devices?

Asked By CloudyDreamer87 On

Hey everyone! I'm currently working on a project that restricts access to our cloud applications to only Entra-joined devices using a conditional access policy. I need to identify who is logging in from non-Entra joined devices. This is important for a couple of reasons: we want to make sure employees from acquisitions are using Entra-joined machines, and we need to track employees who may be working on client laptops yet still need access to our resources. Is there an easier way to pull a report for this information, or should I just set up a conditional access policy targeting Entra-joined devices and look at the report of any failures? Thanks for your help!

5 Answers

Answered By KQLMaster9000 On

Using KQL with the sign-in logs is your best bet. It gives responsive feedback on who is logging in and from what devices without too much hassle.

Answered By TechSavvyNomad On

You could dive into the sign-in logs and filter the results to pinpoint the specific sign-ins. Personally, I like using the reporting feature that comes with your conditional access audit policy as it provides a comprehensive view.

Answered By AzureAnalysisWhiz On

Just a heads up about using the report-only mode: it sometimes has glitches. Specifically, the report-only might mistakenly block users due to weird settings. So, after activating it, be ready to disable it again for a day or two to sort out any hiccups. It’s useful, but definitely tread carefully!

Answered By SecureAccessGuru On

The easiest way to do this is to set your conditional access policy to report-only mode first. Then, by enabling log analytics, you can run queries over time to get insights into sign-ins from non-Entra devices. This method will give you a clearer picture without immediately impacting users. Just keep an eye on the logs and adjust as necessary!

Answered By InsightSeeker22 On

Just a note: even with KQL or conditional access policies, expect some inconsistencies. For example, if someone is signing in via a private window, their device info might not appear at all. Keep that in mind when analyzing your reports!
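
An added example, not part of any answer above: a KQL query of the kind the answers describe, listing successful sign-ins whose device did not report an Entra-joined trust type. It assumes the sign-in logs are exported to a Log Analytics workspace (the `SigninLogs` table); the 30-day window and the trust-type strings are assumptions to confirm in your own tenant.

```kql
// Added example. Trust type strings below are the values as they commonly
// appear in SigninLogs; confirm what your tenant records with:
//   SigninLogs | summarize count() by tostring(DeviceDetail.trustType)
let Lookback = 30d;                                   // assumed reporting window
let JoinedTrustTypes = dynamic(["Azure AD joined"]);  // add "Hybrid Azure AD joined" if your policy accepts it
SigninLogs
| where TimeGenerated > ago(Lookback)
| where ResultType == "0"                             // successful sign-ins only
| extend TrustType  = tostring(DeviceDetail.trustType),
         DeviceName = tostring(DeviceDetail.displayName),
         OS         = tostring(DeviceDetail.operatingSystem),
         Browser    = tostring(DeviceDetail.browser)
| where TrustType !in (JoinedTrustTypes)
// An empty trust type means no device identity was reported (for example a
// private browser window), not proof that the device is unjoined.
| extend DeviceState = iff(isempty(TrustType), "no device info", TrustType)
| summarize SignIns   = count(),
            Apps      = make_set(AppDisplayName, 20),
            Devices   = make_set(DeviceName, 20),
            Platforms = make_set(strcat(OS, " / ", Browser), 20),
            LastSeen  = max(TimeGenerated)
    by UserPrincipalName, DeviceState
| order by SignIns desc
```

Rows with `DeviceState` of "no device info" are worth reviewing separately from rows that report a registered or other non-joined trust type. `SigninLogs` holds interactive sign-ins only, so non-interactive activity needs its own query.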
