What are Microsoft Entra ID workbooks

With the increase in cloud-based services and applications, having visibility into user activities and security events is more important than ever. IAM solutions like Microsoft Entra ID help administrators get the insights they need to effectively monitor and manage. Microsoft Entra workbooks are designed to address these needs by providing a powerful tool for visualizing and analyzing the raw data of your environment. Continue reading to find out how Microsoft Entra workbooks can help you get a bigger picture of the activities in your environment.

Why do you need Microsoft Entra workbooks?

Managing user identities and their access rights within an organization involves tracking a vast amount of data. You can access most of this data from Microsoft Entra ID's audit logs, which gives you information on all actions performed by and on your users. This includes tracking users from their creation, their sign-ins, role changes, password resets, license updates, and more. However, there comes a point when there is too much happening in your environment, and it can get overwhelming when hundreds of entries are stacked upon one another.

Microsoft Entra IDworkbooks address this issue by enabling administrators to transform log data into customizable, interactive reports, making it easier to monitor trends, detect anomalies, and get an overall statistic of any particular event in your tenant.

What can you use Microsoft Entra workbooks for?

Workbooks work by using the logs generated in Entra ID as their data source and converting the statistical data in them into visual graphs. These logs are used by workbooks from Log Analytics Workspaces. They can then be queried using Kusto Query Language (KQL) for the required data. This query will then be plotted in the desired graph for visualization.

This makes workbooks very customizable to represent any data in graphical formats. Some popular use cases are made into templates called Public Workbook Templates that can be used directly after configuring the required Log Analytics workspace. These are the templates available that can help you get started.

• Authentication prompts analysis: Displays the various types of authentication prompts used in your tenant.
• Conditional access gap analyzer: Shows if there are any users, applications, or locations that have been excluded from Conditional Access policies.
• Cross-tenant access activity: Tracks the resource usage by external users in your tenant.
• MFA gaps: Shows if any of your users or applications are not MFA protected.
• Risk analysis: Tracks user and sign-in risks by monitoring the activities in your tenant.
• Sensitive operations report: Identifies suspicious application and service principal activities in your environment.
• Sign-ins using legacy authentication: Displays all legacy authentication sign-ins in your environment.

What do you need to get started

To use Microsoft Entra workbooks in your tenant, you need to have the following technical prerequisites satisfied.

• A Microsoft Entra ID tenant with at least a P1 license
• A Log Analytics workspace
• An account with the Log Analytics Reader or Log Analytics Contributor role to access or update the Log Analytics workspaces used
• Knowledge on Kusto Query Language (KQL) scripting

Get a clear overview of your Microsoft 365 environment with M365 Manager Plus

ManageEngine M365 Manager Plus is a comprehensive administration and security solution for Microsoft 365 used for reporting, managing, monitoring, auditing, and creating alerts for critical activities in your Microsoft 365 environments. You can gain a thorough understanding of your environment not just in Microsoft Entra ID, but also Exchange Online, SharePoint Online, OneDrive for Business, and other Microsoft 365 services, with detailed reports and intuitive visualizations, all from a single console.

There are also other benefits to using M365 Manager Plus to manage and monitor your Microsoft 365 environment

• Filter your reports once and save them as custom reports that you can access in just a few clicks.
• Export reports generated in M365 Manager Plus in not just CSV, but also in other presentable formats such as HTML, PDF, and XLSX.
• Delegate granular permissions to technicians without elevating their Microsoft 365 privileges and create custom roles with any combination of reporting, management, and auditing tasks.
• Easily manage users, groups, contacts, mailboxes, teams, and sites in bulk without PowerShell scripting.
• Keep tabs on even the most granular user activities in your Microsoft 365 environment.
• Configure alert profiles in M365 Manager Plus to notify you of specific activities that take place outside of business hours or occur at unusual frequencies.
• Monitor the health and performance of Microsoft 365 features and endpoints around the clock.