If you have Conditional Access configured and active within your Azure AD environment, there might be some scenarios where users are not able to sign in. If you want to troubleshoot these sign-in failures as an administrator, you normally turn to the Azure AD sign-in logs and work from there to determine the cause of the failures.

The sign-in logs can be overwhelming though, and you might want to have a more detailed view of the exact scenario that the user is executing so that you can filter the sign-in logging to the specific part where things go wrong.

There is a way to accomplish that: instruct your users to enable flagging when they hit the error caused by Conditional Access. Here is how it works.

Want to know more about Conditional Access? I’ve written a 95-page white paper on the subject; you can find the latest version below.

When a user cannot access a resource, they will probably be presented with a screen like the one below:

You cannot access this right now

From that screen the user can select “more details”, which will bring up a screen like the one below:

Troubleshooting details

This screen already has some very specific information, like the Request ID and Correlation ID, which you can use in a filter. Both IDs are GUIDs, though, which are not very friendly to ask your end users to supply.

Instead, we can ask the user to select “Enable flagging”, which will flag each sign-in event so that we can filter on them later. Once enabled, each sign-in log will be flagged for 20 minutes. So after users enable this option, you need to ask them to reproduce the issue.

Flagging enabled

Within the Azure AD sign-in logs you can create a filter using the “Flagged for review” field.

Flagged for review filter option

Once the filter is enabled, only the sign-ins where the user enabled flagging will appear in the list of sign-in logs, so you can concentrate on the specific issue that the user is experiencing.

Flagged for review enabled in the sign-in log
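The same filter can be applied offline to a JSON export of the sign-in logs. The following is an added example, not code from the original post; it assumes the export uses the Microsoft Graph beta signIn field names (`flaggedForReview`, `correlationId`, `appliedConditionalAccessPolicies`), and the records, user names and policy names are constructed.

```python
import json
from collections import defaultdict

# Constructed sample export (not real tenant data). Field names are an
# assumption: they follow the Microsoft Graph beta signIn resource.
CID = "11111111-1111-1111-1111-111111111111"
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@contoso.example", "correlationId": CID,
     "appDisplayName": "Office 365 SharePoint Online", "flaggedForReview": True,
     "status": {"errorCode": 53003},  # 53003: blocked by Conditional Access
     "appliedConditionalAccessPolicies": [
         {"displayName": "Require compliant device", "result": "failure"},
         {"displayName": "Require MFA", "result": "success"}]},
    {"userPrincipalName": "alice@contoso.example", "correlationId": CID,
     "appDisplayName": "Office 365 SharePoint Online", "flaggedForReview": True,
     "status": {"errorCode": 0},
     "appliedConditionalAccessPolicies": [
         {"displayName": "Require MFA", "result": "success"}]},
    {"userPrincipalName": "bob@contoso.example", "flaggedForReview": False,
     "correlationId": "22222222-2222-2222-2222-222222222222",
     "appDisplayName": "Azure Portal", "status": {"errorCode": 53003},
     "appliedConditionalAccessPolicies": [
         {"displayName": "Block legacy authentication", "result": "failure"}]},
])

def flagged_ca_failures(export_json):
    """Group flagged sign-ins by correlation ID and list the policies that failed."""
    sessions = defaultdict(lambda: {"user": None, "events": 0, "apps": set(),
                                    "errors": set(), "failed_policies": set()})
    for event in json.loads(export_json):
        if event.get("flaggedForReview") is not True:
            continue  # keep only sign-ins the user flagged
        s = sessions[event["correlationId"]]
        s["user"] = event.get("userPrincipalName")
        s["events"] += 1
        s["apps"].add(event.get("appDisplayName"))
        code = (event.get("status") or {}).get("errorCode", 0)
        if code:
            s["errors"].add(code)
        for policy in event.get("appliedConditionalAccessPolicies") or []:
            if policy.get("result") == "failure":
                s["failed_policies"].add(policy.get("displayName"))
    # Convert sets to sorted lists so the summary is stable and JSON-serialisable.
    return {cid: {k: sorted(v) if isinstance(v, set) else v for k, v in s.items()}
            for cid, s in sessions.items()}

if __name__ == "__main__":
    print(json.dumps(flagged_ca_failures(SAMPLE_EXPORT), indent=2))
```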

Flagging sign-in errors for review is a very useful feature if you are troubleshooting Azure AD sign-in errors. You have to instruct your users to use it in case of an issue, and they need to reproduce the issue for the sign-ins to appear. It can be handy, though, to filter on the specific scenario instead of going through all the sign-ins of that user.

What are flagged sign-ins in Azure Active Directory? – https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-flagged-sign-ins
