Documentation forServer & Application Monitor

Microsoft Azure Active Directory API poller template

Use this SAM API poller template to monitor Microsoft Azure Active Directory (AD) performance and statistics counters, including Azure AD connect sync.

Links and screenshots herein are attributed to © 2021 Microsoft Corp., available at docs.microsoft.com, obtained on October 8, 2021.

Prerequisites

  • Use the following parameters to specify the API endpoint in the request URL:
    • ${EXPECTED_SYNCTIME}: The date and time for which you are requesting data. For example, 2019-12-02T13:55:02Z
    • ${GROUP_ID}: The Azure AD group for which you are requesting data. For example, 3047e099-727e-4b07-8d62-1145d5ad7b59
  • Configure OAuth 2.0 Azure credentials with the following values:
    • Scope: https://graph.microsoft.com/.default
    • Access Token URL: https://login.microsoftonline.com/{TENANTID}/oauth2/v2.0/token

      Although "(optional)" appears next to the Scope field in the UI, this value is required for API pollers based on this template.

  • Credentials have the following Application-type permissions for Microsoft Graph:
    • Directory.Read.All
    • Group.Read.All
    • SecurityEvents.Read.All

Notes

  • Default thresholds are not set for this template.
  • The GROUP_ID parameter is selected as the first item returned in the response. You can update this value, so proper data is returned.
  • Here is an API request example: https://graph.microsoft.com/v1.0/groups?$filter=onPremisesLastSyncDateTime le 2019-12-02T13:55:02Z

Available metrics

Azure AD Connect Status

Valid values include:

  • True, if the object is synced with an on-premises directory;
  • False, if it was originally synced from an on-premises directory, but is no longer synced; or
  • Null, if it was never synced from an on-premises directory (default).

Unit: Boolean

Groups not synced with on-premises AD

Groups count that are not synced with on-premises AD.

Unit: Count

Groups not synced since specified date/time

Groups count that are not synced with on-premises AD since specified date/time.

Unit: Count

Users not synced since specified date/time

Users count that are not synced with on-premises AD since specified date/time.

Unit: Count

All users

The number of users that exist in Azure AD.

Unit: Count

Deleted users

Deleted users count that exist in Azure AD.

Unit: Count

All groups

Groups count that exist in Azure AD.

Unit: Count

Deleted groups

Deleted groups count that exist in Azure AD.

Unit: Count

All Office 365 groups

Office 365 groups count.

Unit: Count

All security groups

Security groups count.

Unit: Count

All mail enabled security groups

Security groups count that have mail enabled.

Unit: Count

All distribution groups

Distribution groups count.

Unit: Count

Group members

The total of members in the AD group.

Unit: Count

Group owners

The total of owners in the AD group, which can be users or service principals.

Unit: Count

Group conversations

The total of conversations in the AD group.

Unit: Count

All applications

The total of applications in Azure AD tenants.

Unit: Count

All top 1 aggregated security alerts

The total of security alerts that indicate suspicious actions related to Azure AD user accounts.

Unit: Count

First security score - currentScore

The Microsoft secure score attained by a tenant on a specific date. This value reflects the adoption rate of security controls for Microsoft 365 identities, data, apps, devices, and infrastructure. See also secureScore resource type.

Unit: Score

First security score - maxScore

The first maximum secureScore in the last 90 days of retained data.

Unit: Score

All top 1 aggregated security score

The highest secureScore value possible on a certain date if recommended improvement actions are fulfilled.

Unit: Score

First security score - activeUserCount

The Active user count of the given tenant.

Unit: Count

First security score - licensedUserCount

The Licensed user count of the given tenant.

Unit: Count

First security score - All top 1 aggregated security score control profiles

The aggregate score of all secureScoreControlProfiles that represents a tenant's secure score per control data.

Unit: Score