By Rod Trent and Azure Sentinel News
A recent enhancement to the Diagnostic Settings for Azure AD lets you send AD FS sign-in information to your Azure Sentinel environment. This is a long-awaited capability.
To make ADFSSignInLogs available in your Azure Sentinel environment, modify the Diagnostic Setting for Azure AD that was created when you enabled the Azure Sentinel Data Connector for Azure Active Directory. Enable the ADFSSignInLogs log collection as shown in the example.
The current data columns available are shown in the table just below, but you can always find the latest in the Azure Monitor reference.
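Once the category is enabled and data has started to arrive, a query like the one below summarizes failed AD FS sign-ins per source IP address. It is an added example, not part of the original post; the lookback window and both thresholds are assumed values to tune, and the column names used are those of the ADFSSignInLogs table in the Azure Monitor reference.

```kusto
// Added example: failed AD FS sign-ins grouped by source IP address.
// The lookback window and thresholds are assumptions; tune them for your tenant.
let lookback = 1d;
let minFailures = 10;       // assumed threshold
let minDistinctUsers = 5;   // assumed threshold
ADFSSignInLogs
| where TimeGenerated > ago(lookback)
| where tostring(ResultType) != "0"   // "0" is a successful sign-in
| summarize
    FailedAttempts = count(),
    DistinctUsers  = dcount(UserPrincipalName),
    FirstSeen      = min(TimeGenerated),
    LastSeen       = max(TimeGenerated),
    ResultTypes    = make_set(ResultType, 10)
  by IPAddress
// Many failures spread across many accounts from one address is worth a look.
| where FailedAttempts >= minFailures and DistinctUsers >= minDistinctUsers
| order by DistinctUsers desc, FailedAttempts desc
```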