Glossary
Sign-in Log
Microsoft Entra ID's record of every authentication attempt, with detail on conditions, MFA, and risk.
The Entra ID sign-in log records every authentication attempt against the tenant — successful sign-ins, failed attempts, MFA challenges, Conditional Access policy evaluations, risk assessments. Each entry includes the user, app, IP address, location, device, client, authentication method, applied CA policies, and outcome. Searchable in the Entra admin center, exportable to Log Analytics / Microsoft Sentinel, and queryable via the Microsoft Graph. Retention varies by tier: 7 days on the free tier, 30 days on P1 / P2, longer with Log Analytics workspace storage. The primary surface for investigating user-impacting authentication issues and for identity-side threat hunting.