

So I've written down a few steps I used when learning how to query Azure AD logs that have been sent to Azure Monitor. Before you begin, if you haven't already configured this integration between Azure AD and Azure Monitor, you'll need to follow the steps to Integrate Azure AD logs with Azure Monitor logs. Because Azure services have changed their names in the past few years, it's sometimes challenging to figure out which PowerShell command to use.

Once you've configured Azure AD to send logs to Azure Monitor, you can also access those logs through PowerShell, sending queries from scripts or from the PowerShell command line, without needing to be a Global Admin in the tenant. We also built several reports for sign-in analysis as Azure AD workbooks, and showed how to set triggers for alert notifications.
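As an added example (not part of the original post), the script below shows one way to send such a query from PowerShell using the `Invoke-AzOperationalInsightsQuery` cmdlet from the Az.OperationalInsights module and save the audit events to CSV. The parameter names, the 90-day default and the output path are assumptions made for illustration; the workspace ID is one you supply.

```powershell
#Requires -Modules Az.Accounts, Az.OperationalInsights
# Added example: export Azure AD audit events from a Log Analytics workspace.
param(
    # Workspace (customer) ID of the workspace receiving the Azure AD logs;
    # supplied by the caller, no default is assumed.
    [Parameter(Mandatory)] [guid] $WorkspaceId,
    # Look-back window in days; 90 is an illustrative value (assumption).
    [int] $Days = 90,
    # Hypothetical output path for the report.
    [string] $OutFile = ".\aad-audit-$(Get-Date -Format 'yyyyMMdd').csv"
)

# Sign in only if there is no cached context. The account needs read access to
# the workspace (for example Log Analytics Reader), not an Azure AD admin role.
if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null }

# KQL against the AuditLogs table. InitiatedBy and TargetResources are dynamic
# columns, so the actor and first target are flattened into plain strings.
$query = @"
AuditLogs
| where TimeGenerated > ago(${Days}d)
| extend Actor = coalesce(tostring(InitiatedBy.user.userPrincipalName),
                          tostring(InitiatedBy.app.displayName))
| extend Target = tostring(TargetResources[0].displayName)
| project TimeGenerated, Category, OperationName, Result, Actor, Target, CorrelationId
| order by TimeGenerated desc
"@

try {
    $response = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId `
        -Query $query -Timespan (New-TimeSpan -Days $Days) -ErrorAction Stop
}
catch {
    throw "Query against workspace $WorkspaceId failed: $($_.Exception.Message)"
}

# Results is an enumeration; materialise it once before counting or exporting.
$rows = @($response.Results)
if ($rows.Count -eq 0) {
    Write-Warning "No audit events returned. Check workspace retention and when log export was enabled."
    return
}

$rows | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
Write-Host "Wrote $($rows.Count) audit events to $OutFile"
```

The query can only return events from after the Azure AD to Azure Monitor integration was enabled and within the workspace's configured retention period.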

Last year we announced that organizations with Azure AD Premium and an Azure subscription could start to build custom reports on their Azure AD audit and sign-in logs, by configuring Azure AD to send those logs to Azure Monitor. Some questions I'm asked frequently about Azure AD - how can I see and retain more than 30 days of audit events from Azure AD features? And how can I get that audit history programmatically, without needing to sign in as a highly-privileged Azure AD administrator, in order to download records for a report or to answer an auditor’s inquiry?
