Microsoft Entra Blog

Introducing Microsoft Entra Health alerts: An enhancement to tenant health monitoring

ShobhitSahay
Mar 11, 2025

Improvements to monitoring systems in Microsoft Entra will help enhance tenant health and observability.

We’re excited to announce the launch of Microsoft Entra Health alerts, a new capability for detecting potential tenant health degradations. It layers on top of existing health metric data streams to enhance the observability of your tenant. The alerts feature exemplifies Microsoft Entra's commitment to quality and resilience, as discussed in a related May 2024 blog post. This functionality, already in use by thousands of tenants during its first month of public preview availability, enables our customers to effectively monitor and manage their tenants’ health.

In recent years, Microsoft Entra has made significant investments in resilience, resulting in exceptionally high availability. These efforts have enabled us to consistently surpass our industry standard authentication availability SLA of 99.99%, either approaching or exceeding 99.999% uptime each month. However, we recognize that optimal tenant health requires an active partnership with our customers, who must manage their IT operations and provide support to their users during any issues or service degradations. Enabling access for the right users with minimal friction while stopping intrusions and risk is critical to keep their organization running smoothly. In the event of disruption, or when there’s a preventative action that they can take to avoid future disruption, they need timely intelligence from their identity service provider. To facilitate this partnership on a larger scale, we’re developing end-to-end observability for significant use cases within the Microsoft Entra admin center at the tenant level.

This month, we’re pleased to introduce an automated alerting capability integrated with our existing low-latency health metrics data streams on the Health pane in the Microsoft Entra admin center, as demonstrated below by an example of a spike in multifactor authentication (MFA) sign-in failures.

Please note: This feature, including the alerts capability, requires a Microsoft Entra premium-licensed tenant with a minimum of 100 monthly active users.

Figure 1: Showing all monitored scenarios, or you can filter down to just the scenarios with active alerts.

Figure 2: The signal of an alert caused by a spike in Microsoft Entra multifactor authentication failures.

The alerting capability is derived from an anomaly detection system that establishes baseline patterns and monitors deviations within your individual tenant. As it is calibrated at the tenant level, alerts are triggered based on the typical authentication patterns of your organization and can measure the impact within your specific tenant. This expands the scope of health awareness beyond traditional service incident communications, which will continue to be published on the Azure Service Health page. 

Our health monitoring data streams and alerts are available in the Microsoft Entra admin center. For integration with third-party tools or data pipelines, these alerts can also be accessed via Microsoft Graph. Here’s a brief overview of the monitoring flow: 

  1. Tenant-level health metric data streams: We begin with tenant-level health metrics that are streamed at low latency to premium-licensed tenants. Our starter pack includes measuring the health of MFA, Conditional Access-managed devices, Conditional Access-compliant devices, and Security Assertion Markup Language (SAML) sign-ins.
  2. Anomaly detection: Our anomaly detection system watches these data streams at the tenant level and fires an alert to your tenant in the event of a break from the baseline pattern. A minimum of 100 monthly active users is required for alerts to be available within a premium-licensed tenant.
  3. Notification options: In the event of an alert, you can sign up for email notifications to be sent to a user or distribution group. Notifications can be configured differently for each monitoring scenario. You also have the option to query for alerts from Microsoft Graph if you prefer to develop your own pipeline.
  4. Alert investigation: Alerts are available to study in the Microsoft Entra admin center or in the Azure Portal, or by calling Microsoft Graph. From there, you can assess impact, get remediation guidance, investigate root causes, and resolve issues when they’re within your control.
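
One way to build the "develop your own pipeline" option from steps 3 and 4, added here as an example and not Microsoft's code: it pages through the alerts collection, keeps the active alerts, and queues each for the group that owns its scenario. The endpoint path, the `alertType` and `state` values, the mailbox names and the sample responses are assumptions or constructed values; confirm them against the current Microsoft Graph documentation.

```python
from datetime import datetime
from urllib.parse import urlparse

# Assumptions: the Graph beta endpoint and the alertType/state values; confirm in current docs.
ALERTS_URL = "https://graph.microsoft.com/beta/reports/healthMonitoring/alerts"
OWNERS = {  # hypothetical routing table: the group that owns each monitored scenario
    "mfaSignInFailure": "identity-ops@contoso.example",
    "samlSignInFailure": "app-integration@contoso.example",
    "compliantDeviceSignInFailure": "endpoint-team@contoso.example",
    "managedDeviceSignInFailure": "endpoint-team@contoso.example",
}
FALLBACK_OWNER = "identity-ops@contoso.example"

def iter_alerts(fetch, url=ALERTS_URL, max_pages=100):
    """Yield every alert; fetch(url) does the authenticated GET and returns parsed JSON."""
    for _ in range(max_pages):
        parts = urlparse(url)
        # Never follow a next link off the Graph host: the bearer token travels with it.
        if parts.scheme != "https" or parts.hostname != "graph.microsoft.com":
            raise ValueError(f"refusing to follow link to {url!r}")
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")
        if not url:
            return
    raise RuntimeError("page limit reached; possible pagination loop")

def triage(fetch):
    """Group active alerts by owning team, oldest first within each queue."""
    queues = {}
    for alert in iter_alerts(fetch):
        if alert.get("state") != "active":
            continue  # resolved alerts need no notification
        owner = OWNERS.get(alert.get("alertType"), FALLBACK_OWNER)
        queues.setdefault(owner, []).append(alert)
    for alerts in queues.values():
        alerts.sort(key=lambda a: datetime.fromisoformat(a["createdDateTime"].replace("Z", "+00:00")))
    return queues

# Constructed sample responses (not real tenant data), keyed by request URL.
NEXT = ALERTS_URL + "?$skiptoken=constructed"
SAMPLE_PAGES = {
    ALERTS_URL: {"@odata.nextLink": NEXT, "value": [
        {"id": "a2", "alertType": "mfaSignInFailure", "state": "active", "createdDateTime": "2025-03-11T09:40:00Z"},
        {"id": "a1", "alertType": "samlSignInFailure", "state": "resolved", "createdDateTime": "2025-03-10T14:00:00Z"}]},
    NEXT: {"value": [
        {"id": "a3", "alertType": "mfaSignInFailure", "state": "active", "createdDateTime": "2025-03-11T09:15:00Z"},
        {"id": "a4", "alertType": "compliantDeviceSignInFailure", "state": "active", "createdDateTime": "2025-03-11T10:05:00Z"}]},
}
```

Calling `triage(lambda url: SAMPLE_PAGES[url])` exercises it offline; in a real pipeline `fetch` wraps an HTTP GET that carries the Graph access token.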

Let’s examine a typical scenario to demonstrate the process described above. In this instance, there is an unexpected increase in Microsoft Entra MFA sign-in failures within the tenant of a large enterprise. The team responsible for managing authentication and access receives an email notification instructing them to investigate the issue. An IT engineer from the team reviews the alert, analyzes the MFA sign-in failure data stream, and researches possible root causes. By utilizing the links to affected applications and users provided in the alert, along with the audit and sign-in logs, the IT engineer identifies a recent application configuration change that introduced an error. The engineer corrects the error and MFA sign-ins return to normal within minutes of issue detection. 

If you have a premium tenant with more than 100 monthly active users, I encourage you to visit the Health pane of the Microsoft Entra admin center and try out the health alerts feature today. Start by configuring alerts to send email notifications to the group in your organization responsible for each scenario. With low-latency, tenant-specific alerts, you can proactively monitor and manage your tenant's health.

This feature underscores Microsoft Entra's commitment to delivering high-quality, resilient services that support our customers’ productivity and success. Stay tuned for more updates and enhancements as we continue to innovate and improve our health monitoring capabilities.  

 

Shobhit Sahay

Principal Group Product Manager

 

 


Updated Mar 11, 2025
Version 2.0