Microsoft Azure Active Directory API poller template
Use this SAM API poller template to monitor Microsoft Azure Active Directory (AD) performance and statistics counters, including Azure AD connect sync.
Links and screenshots herein are attributed to © 2021 Microsoft Corp., available at docs.microsoft.com.
Prerequisites
- ${EXPECTED_SYNCTIME}: The date and time for which you are requesting data. For example,
2019-12-02T13:55:02Z - ${GROUP_ID}: The Azure AD group for which you are requesting data. For example,
3047e099-727e-4b07-8d62-1145d5ad7b59 -
Configure OAuth 2.0 Azure credentials with the following values:
- Scope:
https://graph.microsoft.com/.default - Access Token URL:
https://login.microsoftonline.com/{TENANTID}/oauth2/v2.0/token - Although "(optional)" appears next to the Scope field in the UI, this value is required for API pollers based on this template.
- Scope:
-
Credentials have the following Application-type permissions for Microsoft Graph:
- Directory.Read.All
- Group.Read.All
- SecurityEvents.Read.All
Use the following parameters to specify the API endpoint in the request URL:
Notes
- Default thresholds are not set for this template.
- The GROUP_ID parameter is selected as the first item returned in the response. You can update this value, so proper data is returned.
- Here is an API request example:
https://graph.microsoft.com/v1.0/groups?$filter=onPremisesLastSyncDateTime le 2019-12-02T13:55:02Z
Available metrics
Azure AD Connect Status
Valid values include:
- True, if the object is synced with an on-premises directory;
- False, if it was originally synced from an on-premises directory, but is no longer synced; or
- Null, if it was never synced from an on-premises directory (default).
Unit: Boolean
Groups not synced with on-premises AD
Groups count that are not synced with on-premises AD.
Unit: Count
Groups not synced since specified date/time
Groups count that are not synced with on-premises AD since specified date/time.
Unit: Count
Users not synced since specified date/time
Users count that are not synced with on-premises AD since specified date/time.
Unit: Count
All users
The number of users that exist in Azure AD.
Unit: Count
Deleted users
Deleted users count that exist in Azure AD.
Unit: Count
All groups
Groups count that exist in Azure AD.
Unit: Count
Deleted groups
Deleted groups count that exist in Azure AD.
Unit: Count
All Office 365 groups
Office 365 groups count.
Unit: Count
All security groups
Security groups count.
Unit: Count
All mail enabled security groups
Security groups count that have mail enabled.
Unit: Count
All distribution groups
Distribution groups count.
Unit: Count
Group members
The total of members in the AD group.
Unit: Count
Group owners
The total of owners in the AD group, which can be users or service principals.
Unit: Count
Group conversations
The total of conversations in the AD group.
Unit: Count
All applications
The total of applications in Azure AD tenants.
Unit: Count
All top 1 aggregated security alerts
The total of security alerts that indicate suspicious actions related to Azure AD user accounts.
Unit: Count
First security score - currentScore
The Microsoft secure score attained by a tenant on a specific date. This value reflects the adoption rate of security controls for Microsoft 365 identities, data, apps, devices, and infrastructure. See also secureScore resource type.
Unit: Score
First security score - maxScore
The first maximum secureScore in the last 90 days of retained data.
Unit: Score
All top 1 aggregated security score
The highest secureScore value possible on a certain date if recommended improvement actions are fulfilled.
Unit: Score
First security score - activeUserCount
The Active user count of the given tenant.
Unit: Count
First security score - licensedUserCount
The Licensed user count of the given tenant.
Unit: Count
First security score - All top 1 aggregated security score control profiles
The aggregate score of all secureScoreControlProfiles that represents a tenant's secure score per control data.
Unit: Score