Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.
Frequent users endpoint callers (AAD Graph)
Gets list of apps and service principals calling users endpoint in AAD Graph.
AADGraphActivityLogs
| where RequestUri has "users"
| summarize NumRequests = count() by AppId, ServicePrincipalId, UserId
| sort by NumRequests desc
| limit 100
Failed groups endpoint requests (AAD Graph)
Gets a list of failed requests to group entities in AAD Graph, by apps and service principals.
AADGraphActivityLogs
| where ResultSignature == "403"
| where RequestUri has "groups"
| summarize UniqueRequests = dcount(RequestId) by AppId, ServicePrincipalId, UserId
| sort by UniqueRequests desc
| limit 100