Investigating and resolving authentication issues– Planning and Implementing Authentication

24/12/202324/12/2023| Christine AlbertInvestigating and resolving authentication issues– Planning and Implementing Authentication| 0 Comment| 4:36 am
Categories :

Resolving authentication issues in Azure AD can be tricky, due to the number of authentication methods, sign-in methods, and other configurations that may be put in place.

The first step, when attempting to troubleshoot an issue, is to review any available sign-in logs in the Azure portal. To locate the sign-in logs, navigate to the Azure portal (https://portal.azure.com) and then select Azure Active Directory | Sign-in logs:

Figure 7.30 – Sign-in logs

Each authentication failure generates an individual entry. You can select an entry to see expanded details, as shown in Figure 7.31:

Figure 7.31 – Activity details

The Basic info tab displays high-level information about this particular event. The critical piece of information will typically be listed next to Failure reason, and some expanded explanation may be available in the Additional Details property. In the example shown in Figure 7.31, it’s easy to determine that the user entered an incorrect password. If the user has entered an incorrect password multiple times in a row, it may be a sign of a forgotten password or an attempted identity breach. Figure 7.32 shows the same account after it has met the smart lockout threshold:

Figure 7.32 – Sign-in details showing a locked-out account

The Location tab will show detailed information regarding the source IP address, and, if possible, resolution to a particular geographic location.

The Device info tab displays information regarding the device that was attempting a login, such as a Windows 10 device with the Edge browser.

The Authentication Details tab provides additional information regarding the authentication method, including whether the user is configured for Password Hash Sync, Federation, or Pass-through Authentication, or whether they’re using a cloud-managed identity.

Figure 7.33 – Authentication details

Finally, the last two tabs, Conditional Access and Report-only, show what policies took effect during the sign-in process.

Resolving an authentication issue sometimes requires examining several logs to determine the source of the error. In many cases, however, the detailed data provided on each of the tabs of an event’s activity details should provide adequate information to pinpoint the source of the error.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

The Azure AD portal– Planning and Managing Azure AD Identities

03/04/202103/04/2021 Christine AlbertThe Azure AD portal– Planning and Managing Azure AD Identities
Bulk operations can also be performed through the Microsoft Azure AD portal. In contrast to [...]
Read MoreRead More

Per-user multi-factor authentication– Planning and Implementing Authentication

14/02/202314/02/2023 Christine AlbertPer-user multi-factor authentication– Planning and Implementing Authentication
If MFA was configured in your tenant before October 2019, it may have been configured [...]
Read MoreRead More

FIDO2 security keys– Planning and Implementing Authentication

01/04/202301/04/2023 Christine AlbertFIDO2 security keys– Planning and Implementing Authentication
Physical tokens, such as the Fast Identity Online 2 (FIDO2)-based token or security key, are [...]
Read MoreRead More