This is an automated archive.
The original was posted on /r/sysadmin by /u/Project__5 on 2024-01-23 15:01:24+00:00.
I'm familiar with using Entra AD (Azure AD) to review sign-in logs. E.g. if a user fails conditional access policy, looking up the Request ID from their error message in the sign in logs to gain more information.
I'm assisting a vendor log into our Azure DevOps site (https://dev.azure.com/[ourOrganization]). Everyone logging into this is using an Entra AD account managed at our tenant.
The problem is, I'm not seeing any logins getting logged ANYWHERE. I have a vendor failing to log in, he gives me the Request ID from his error message, but that ID is nowhere to be found in Entra. Everything else BUT DevOps logins seems to be getting logged just fine.
I have tried enabling auditing in DevOps, but shows auditing for object changes, not logins. I have confirmed DevOps is linked to our tenant.
Where can I find this information or where can I troubleshoot failed login attempts for Azure DevOps?
Thanks.