Integrate Azure AD logs with Azure Log Analytics

This post describes how to Integrate Azure AD logs with Azure Log Analytics. We know log Analytics allows to perform tasks like

• query data to find particular events
• analyze trends
• perform correlation across various data sources

Integrate Azure AD logs with Azure Log Analytics will help to perform tasks like:

• Compare Azure AD sign-in logs against security logs published by Azure Security Center
• Troubleshoot performance bottlenecks on application’s sign-in page by correlating application performance data from Azure Application Insights

How to Send logs to Log Analytics

Follow the steps below to send logs to log analytics

• Sign in to the Azure portal
• Navigate to Azure Active Directory ->Diagnostic settings->Add diagnostic setting.
• Under “Diagnostic settings” menu, select “Send to Log Analytics” check box, and then select “Configure”.
• We can select either the Log Analytics workspace we want to send the logs to, or can create a new workspace in the provided dialog box.

• Next select either or both from “LOG”. Select “AuditLogs” check box to send audit logs to Log Analytics workspace, select “SignInLogs” check box to send sign-in logs to Log Analytics workspace.
• Click on “Save” to save the setting.
• After few minutes at least 15 minutes you notice events are streamed to Log Analytics workspace.

Categories: azure monitor, Log

Tags: Azure, azure active directory audit log, azure ad logs, azure log analytics, azure-monitor, Integrate Azure AD logs with Azure Log Analytics, log monitor, send azure ad logs to azure log analytics, send logs to log analytics