We are using the client credentials flow in Azure AD to authenticate our APIs when the caller is some type of daemon process. Our security policies dictate that we need to audit when access attempts fail. For the most part we have been able to accommodate most of the security department's requirements, except for when the get token request fails. This could be due to a number of reasons such as an invalid client id, secret, or certificate. The endpoint we are using to request a token is https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token.
I tried a few examples demonstrating passing invalid parameters to the access token request. I then checked the audit logs & sign-ins monitoring sections of our Azure AD tenant expecting to see some type of authorization denied message. To my surprise there was nothing.
I've tried searching for client credentials flow auditing on Microsoft docs and on Google, but I have not been able to find anything regarding auditing failed access token requests.
Is there somewhere in the portal we can view when the access token request does not return a bearer token?