Microsoft Entra ID Gains Enhanced Logging for Agents and Service-to-Service Communication
Redmond, WA – September 26, 2024 – Microsoft today announced important updates to its Microsoft Entra ID logging capabilities, providing administrators with greater visibility into agent activity and inter-service communication within their tenants. The enhancements aim to improve transparency,strengthen security,and support compliance efforts.
A key addition is support for tracking agent identities across platforms including Copilot Studio and Azure AI Foundry. Microsoft plans to expand this support later this year to include agents from Security Copilot, Microsoft 365 Copilot, and third-party sources.
To facilitate this, Microsoft has introduced the “agentSignIn” resource in the Microsoft Graph API and an “is Agent” filter within the microsoft Entra sign-in logs user interface. “The agentSignIn resource in the MSGraph API and the “is Agent” UX filter in Microsoft Entra let IT admins quickly view details about agents in authentication logs and filter sign-in events to those done by agents only,” Microsoft explained in a statement. “This brings both clarity and control, making it quicker and easier to monitor agent activity with your institution’s resources.”
Beyond agent tracking,Microsoft is also rolling out new service principal sign-in logs,currently in public preview for commercial customers. These logs record token requests between Microsoft services – for example, the authentication between Microsoft Teams and Word when a user opens a document within Teams.
Microsoft announced enhanced sign-in log attributes,including AppOwnerTenantId,ResourceOwnerTenantId,SessionID,SourceAppClientID,Entra TenantID in Log Analytics,UserAgent in Service Principal Sign-In,and Autonomous System Number (ASN) in service principal sign-in logs.
These updates collectively provide IT teams with richer context and control over identity-related activity across Microsoft services, bolstering threat detection and investigation capabilities.
