How to investigate the sign-ins to applications using SAML authentication

The Security Assertion Markup Language (SAML) authentication scenario provides health monitoring signal but doesn't trigger alerts. The scenario monitors SAML 2.0 authentication attempts that the Microsoft Entra cloud service for your tenant successfully processed. This metric currently excludes WS-FED/SAML 1.1 apps integrated with Microsoft Entra ID.

• Use a SAML 2.0 IdP for single sign on.