What Changed

A new workbook, ConditionalAccessSISM.json, has been added to the Microsoft Entra ID solution. It provides comprehensive Conditional Access policy monitoring and insights for Zero Trust implementations.

Detection Surface Unlocked

The new workbook enables SOC teams to monitor and analyse Conditional Access (CA) effectiveness:

  • Real-time CA policy evaluation and success/failure rates
  • User account and workload identity CA compliance monitoring
  • Emergency account CA policy bypass detection
  • CA policy configuration drift and coverage analysis
  • Zero Trust implementation progress tracking

The workbook uses the AuditLogs, SigninLogs, AADServicePrincipalSignInLogs, and AADRiskyServicePrincipals tables for comprehensive CA visibility across user and service principal authentication flows.
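
The kind of per-policy view described above can be sketched in KQL. This is an added example, not a query taken from the workbook: the sample rows, the policy names and the EmergencyAccounts list are constructed, and only the column names follow the SigninLogs schema.

```kql
// Constructed sample rows shaped like SigninLogs.
// In a real workspace, replace SampleSignins with SigninLogs and add a time filter.
let SampleSignins = datatable(TimeGenerated:datetime, UserPrincipalName:string,
                              ConditionalAccessStatus:string, ConditionalAccessPolicies:dynamic)
[
    datetime(2024-01-01 09:00:00), "alice@contoso.example", "success",
        dynamic([{"displayName":"Require MFA for all users","result":"success"},
                 {"displayName":"Block legacy authentication","result":"notApplied"}]),
    datetime(2024-01-01 09:05:00), "bob@contoso.example", "failure",
        dynamic([{"displayName":"Require MFA for all users","result":"failure"},
                 {"displayName":"Block legacy authentication","result":"notApplied"}]),
    datetime(2024-01-01 09:10:00), "carol@contoso.example", "failure",
        dynamic([{"displayName":"Require MFA for all users","result":"success"},
                 {"displayName":"Block legacy authentication","result":"failure"}]),
    datetime(2024-01-01 09:20:00), "breakglass1@contoso.example", "notApplied",
        dynamic([{"displayName":"Require MFA for all users","result":"notApplied"},
                 {"displayName":"Block legacy authentication","result":"notApplied"}])
];
// Hypothetical list of emergency (break-glass) accounts; maintain it as a watchlist in practice.
let EmergencyAccounts = dynamic(["breakglass1@contoso.example"]);
SampleSignins
// One row per (sign-in, policy) so each policy's outcome can be counted separately.
| mv-expand Policy = ConditionalAccessPolicies
| extend PolicyName = tostring(Policy.displayName),
         Result     = tostring(Policy.result)
| summarize
    Evaluations = count(),
    Success     = countif(Result == "success"),
    Failure     = countif(Result == "failure"),
    NotApplied  = countif(Result == "notApplied"),
    // Emergency-account sign-ins that this policy did not cover.
    EmergencyNotApplied = countif(Result == "notApplied"
                                  and UserPrincipalName in~ (EmergencyAccounts))
  by PolicyName
| extend FailureRatePct = round(100.0 * Failure / Evaluations, 1)
| order by FailureRatePct desc
```

A non-zero EmergencyNotApplied is expected where emergency accounts are deliberately excluded from a policy; the value is worth alerting on because any emergency-account sign-in should be rare and reviewed.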

Affected Files

Solutions/Microsoft Entra ID/Workbooks/ConditionalAccessSISM.json
Workbooks/Images/Preview/ConditionalAccessSISMBlack.png
Workbooks/Images/Preview/ConditionalAccessSISMWhite.png
Workbooks/WorkbooksMetadata.json