# Azure Active Directory

**Activity Logs & Alerts:**

* Sign-In Logs ( full reference [here](https://learn.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0\&tabs=http) )
* Directory Logs ( full reference [here](https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-provisioning-logs))
* Risky Users Logs ( full reference [here](https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-investigate-risk#risky-users))

**Identities and their profile information & Configuration**

* Users (SSO & Locally Managed) 
* Groups
* Service Principals
* Roles Definitions & Assignments 
* Identity Providers
* External Federation
* Administrative Units
* Organization Information 
* Authentication Methods
* Security Policies (Including Conditional Access Policies)
* Devices
* Named Locations
* Domains
* Applications
* OAuth Grants
* Teams Information
* Security Recommendations 

{% hint style="info" %}
**Optional** Microsoft 365 Integration will also collect the following
{% endhint %}

* Sensitivity Labels
* Sensitive Drive Records
* Sites Information