Let’s discuss How to Monitor Microsoft Entra Tenant Health and Detect Potential Degradations. Microsoft launched the general availability of a new capability in Microsoft Entra Health alerts to detect potential tenant health degradations.
Tenant Health Monitoring acts as layers on top of existing health metric data streams to enhance the observability of your tenant. Last year, Microsoft introduced many features for quality and resilience. This feature also shows the Commitment to quality and resilience.
The Public preview version of this capability has received much positive feedback and it is used by thousands of tenants during its first month of public preview availability. Entra Health alerts proved that they effectively monitor and manage their tenants’ health.
This month, Microsoft Introduce an automated alerting capability integrated with existing low-latency health metrics data streams on the Health pane in the Microsoft Entra admin center. In this blog post i will help you to know more about this new feature on Entra.
Table of Contents
How to Monitor Microsoft Entra Tenant Health and Detect Potential Degradations
As mentioned above, Entra Tenant Health Monitoring feature developed as a part of resilience. Microsoft recognize that optimal tenant health requires an active partnership with our customers, who must manage their IT operations and provide support to their users during any issues or service degradations.
Please note: This feature with the alerts capability included requires a Microsoft Entra premium-licensed tenant with a minimum of 100 monthly active users.
- Blocking Device Code Flows DCF in Microsoft Entra ID to Protect your Tenant from Phishing Attacks
- How QR Code and PIN Authentication Simplifies Sign-In for Frontline Workers in Microsoft Entra ID
- Microsoft Moves Per-User Multifactor Authentication to Entra ID for Easier Management
How to Access Microsoft Entra Tenant Health Monitoring in Entra Portal
To Access the Tenant Health Monitoring, you can sign in on the Microsoft Entra admin center with your credentials. After that, go to Monitoring & Health > Health > Health Monitoring. On the Health Monitoring tab, click on All Scenarios. Then you can see some scenarios. The table below shows the available scenarios.
| Available Scenarios |
|---|
| Sign-ins requiring Microsoft Entra multifactor authentication (MFA) |
| Sign-ins requiring a managed device |
| Sign-ins requiring a compliant device |
| Sign-ins to applications using SAML authentication |
On the screenshot below, you can see the Active Scenarios tab near the scenarios. Here, the Active Scenarios are empty. And ts as Data Only. If any Alert available, it shows as Alert or No active alert.
Scenario – Multifactor Authentication (MFA) Sign-in Failures
The scenario below shows Multifactor Authentication (MFA) Sign-in Failures. The below graph shows the data aggregated every 60 minutes. Data Rank of the Last 7 days are shown on the Y axis and X axis shows the date. Here, the Jan 10 date shows the high(27) MFA sign-in failure Volume that happened.
Alerts Can be Accessed Via Microsoft Graph
By accessing health monitoring data streams and alerts available on the Microsoft Entra admin Center, you can acess this same alerts from Microsoft Graph. Microsoft create this facility with the integration with third-party tools or data pipelines. The below table shows the overview of the monitoring flow in Microsoft Graph.
| Available Flows | Details |
|---|---|
| Tenant-Level Health Metric Data Streams | Microsoft begin with tenant-level health metrics that are streamed at low latency to premium-licensed tenants. It includes measuring the health of MFA, Conditional Access-managed devices, Conditional Access-compliant devices, and Security Assertion Markup Language (SAML) sign-ins. |
| Anomaly Detection | Tenant tenant-level data stream can be watched with the Anomaly Detection. And it fires an alert to your tenant in the event of a break from the baseline pattern. A minimum of 100 monthly active users is required for alerts to be available within a premium-licensed tenant. |
| Notification Options | In the event of an alert, you can sign up for email notifications to be sent to a user or distribution group. Notifications can be configured differently for each monitoring scenario. You also have the option to query for alerts from Microsoft Graph if you prefer to develop your own pipeline. |
| Alert Investigation | Alerts are available to study in the Microsoft Entra admin center or in the Azure Portal or by calling Microsoft Graph. From there, you can assess impact, get remediation guidance, investigate root causes, and resolve issues when they’re within your control. |
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Resource
Introducing Microsoft Entra Health alerts: An enhancement to tenant health monitoring
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.