Solutions

Sensor for failed azure AD logins

Modified on 2025-06-10 20:24:11 +0200

Hi,

I'm searching for posibilites to create a sensor that is monitoring the Azure Active Direcory account on failed logins.

So far i only found a posibility to log failed login attemps from the windows event viewer (https://www.paessler.com/manuals/prtg/event_log_windows_api_sensor) But in my opinion, this sensor is monitoring it from the wrong side. This sensor only shows failed logins on the devices that we have, missing the most important thing i'm looking for (showing failed logins from places and devices outside of our organisation)

Long story short, I want to create a sensor with these spec but i don't know how - Failed account login, monitored from the accounts - I want to see hacking attemps on the accounts - I prefer the monitoring of Azure AD accounts.

Article Comments

Hello, we don't have a native sensor on PRTG to perform this. There might be something similar with the HTTP Transaction sensor to test the login if it was an HTTP site. But this would only test a login from the probe machine using an specific user. So we may not have a way to create a sensor to test login from several sites and users.

Mar, 2022 - Permalink

Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.

Sensor for failed azure AD logins

Article Comments

Search

Attention

Related Articles