Guides
Google Workspace
Overview
Sign Up with Google Workspace
Connecting Google Workspace
Google Chat
Google Meet
Microsoft365
Overview
Sign Up with Microsoft 365
Connecting Microsoft 365
Microsoft 365 Audit Log Activation
Microsoft Logins
HubSpot
Overview
Setup
CRM
Sales
Service
Salesforce
No items found.
Attio
Overview
Setup
Slack
Overview
Setup
Atlassian
Overview
Setup
GitHub
Overview
Setup
Commits
Comments
Pull Requests
Linear
Overview
Setup
Zoom
Overview
Setup
Phone
Meetings
Webinars
Basecamp
Overview
Setup
Files
To-Dos
Comments
Monday.com
Overview
Setup
Notion
Overview
Setup
Everhour
Overview
Setup
Harvest
Overview
Setup
Toggl Track
Overview
Setup
ClickUp
Overview
Setup

Table of contents

First heading in the blog
Guides
<l1>

Microsoft Logins

Integrations
Microsoft365
Last updated
April 22nd, 2026

Microsoft Logins

Microsoft login events give WorkSights a reliable signal of when a user actively authenticates with their Microsoft 365 account. These events come directly from Azure AD via the Unified Audit Log and reflect real user-driven authentication, not background system activity.

Microsoft login activity requires audit logging to be active for your tenant. If login events are not appearing, see Microsoft 365 Audit Log Activation.

For connection steps, see Connecting Microsoft 365.

What WorkSights Receives

WorkSights ingests Azure AD login audit events from the Unified Audit Log. These appear when a user signs in, renews a session after a timeout, or completes an OAuth consent flow that requires authentication. Each login entry includes a timestamp, event type, and IP-based location metadata when available. Passwords, authentication tokens, and application content are never received.

How Login Activity Appears

Login events appear as short one-minute entries on the user's timeline. They help clarify when a user started their working session, when an action required re-authentication, and whether activity was performed across multiple devices or locations. Login events use WorkSights's green activity color for fast visual recognition.

Because these signals reflect identity rather than work execution, they serve as contextual markers and do not contribute to performance scoring.

Data Notes

Microsoft does not expose session duration or active presence, so WorkSights reflects logins as discrete authentication moments rather than ongoing sessions. Background system activity and automated Microsoft operations are filtered out so only user-driven authentication events appear. Activity appears only for mapped users.

Troubleshooting

If login activity is not appearing as expected:

  • Confirm audit logging is active for your tenant. Login events require the Unified Audit Log. See Microsoft 365 Audit Log Activation.
  • Confirm the affected user is mapped in WorkSights.
  • Login events reflect user-driven authentication only. If a user authenticates via SSO or a third-party identity provider without passing through Azure AD, events may not appear.
  • For persistent issues, contact support via the in-app chat.

Related Guides

Microsoft 365 Overview

Connecting Microsoft 365

Microsoft 365 Audit Log Activation

Product
FeaturesPricingFAQs
Company
ContactAbout
Resources
GuidesSupportBlogStatus
PrivacyTermsSecurity
Bluesky Streamline Icon: https://streamlinehq.com Bluesky
<year> WorkSights AI