Azure AD - Integrating Azure AD logs with Azure Monitor
Hey, let's ship Azure AD platform logs to a Log Analytics workspace :) For many smaller orgs, this will likely be free, and it provides a huge amount of insight that helps with things like removing Legacy Authentication and fine-tuning Conditional Access policies.
This will be a short thread; the documentation for this is over here: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics… The general process: create a Log Analytics Workspace, then configure Azure AD Diagnostic settings to send the logs. Start by logging into the Azure Portal: http://portal.azure.com
Let's start by searching for Log Analytics and opening that service. I haven't added any yet, so I'm going to click Create. I have no Resource Groups either, so I have to create one of those. Think of this as a logical container to store services inside of, like Log Analytics :)
Now, you could just click Review and Create, which will do Pay-as-you-go, but you may want to click Next and customize payment options. Some subscriptions have a Free tier that just stops ingesting after the free 5GB/month. Tags can be helpful in large orgs :) And click Create!
Next, go into Azure AD, then click Diagnostic Settings. You can split out logs to different workspaces or even send them to multiple workspaces depending on your needs. Click Add diagnostic settings, select the logs we want, then select our LA workspace, and hit Save. That's it!
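The same portal steps scripted with the Azure CLI, as an added example that is not part of the original thread. The resource group, workspace, region and setting names are hypothetical, the choice of AuditLogs and SignInLogs is an assumption about which logs you want, and the `microsoft.aadiam` REST endpoint with api-version 2017-04-01 is an assumption to check against the linked documentation.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the portal clicks. All names are hypothetical.
RG="rg-aad-logs"             # resource group (the "logical container")
WORKSPACE="law-aad-logs"     # Log Analytics workspace name
LOCATION="eastus"            # region for the group and workspace
SETTING="aad-to-law"         # name of the Azure AD diagnostic setting
CATEGORIES="AuditLogs SignInLogs"   # assumed selection of log categories
API="https://management.azure.com/providers/microsoft.aadiam/diagnosticSettings"
API_VERSION="2017-04-01"     # assumed; verify against the documentation

# Build the JSON body: workspace resource ID plus one entry per log category.
build_payload() {
  local workspace_id="$1" logs="" c
  shift
  for c in "$@"; do
    logs="${logs:+$logs,}{\"category\":\"$c\",\"enabled\":true}"
  done
  printf '{"properties":{"workspaceId":"%s","logs":[%s]}}' "$workspace_id" "$logs"
}

ship_aad_logs() {
  local ws_id
  # 1. Resource group to hold the workspace.
  az group create --name "$RG" --location "$LOCATION" --output none || return 1
  # 2. Workspace; capture its full resource ID for the diagnostic setting.
  ws_id=$(az monitor log-analytics workspace create \
            --resource-group "$RG" --workspace-name "$WORKSPACE" \
            --location "$LOCATION" --query id --output tsv) || return 1
  # 3. Tenant-level diagnostic setting pointing Azure AD logs at the workspace.
  #    CATEGORIES is left unquoted on purpose so it splits into arguments.
  az rest --method put --url "$API/$SETTING?api-version=$API_VERSION" \
          --body "$(build_payload "$ws_id" $CATEGORIES)" --output none || return 1
  # 4. Read the setting back to confirm what was saved.
  az rest --method get --url "$API/$SETTING?api-version=$API_VERSION"
}

# Only touch Azure when explicitly asked: ./ship-aad-logs.sh apply
if [ "${1:-}" = "apply" ]; then
  ship_aad_logs
fi
```

Run `az login` first with an account that can edit Azure AD diagnostic settings; to send logs to multiple workspaces, call it again with a different `SETTING` and `WORKSPACE`.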