Integrate Azure AD logs with Azure Log Analytics
This post describes how to integrate Azure AD logs with Azure Log Analytics. Log Analytics lets you perform tasks such as:
- query data to find particular events
- analyze trends
- perform correlation across various data sources
Integrating Azure AD logs with Azure Log Analytics helps you perform tasks such as:
- Compare Azure AD sign-in logs against security logs published by Azure Security Center
- Troubleshoot performance bottlenecks on an application’s sign-in page by correlating application performance data from Azure Application Insights
How to send logs to Log Analytics
Follow the steps below to send logs to Log Analytics:
- Sign in to the Azure portal
- Navigate to Azure Active Directory -> Diagnostic settings -> Add diagnostic setting.
- Under the “Diagnostic settings” menu, select the “Send to Log Analytics” check box, and then select “Configure”.
- Select the Log Analytics workspace you want to send the logs to, or create a new workspace in the provided dialog box.
- Next, select either or both categories under “LOG”: select the “AuditLogs” check box to send audit logs to the Log Analytics workspace, and the “SignInLogs” check box to send sign-in logs to the Log Analytics workspace.
- Click on “Save” to save the setting.
- After a few minutes (at least 15 minutes), you will notice that events are streamed to the Log Analytics workspace.
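
To confirm that the setting saved above is delivering data, the following query can be run in the workspace's Logs blade. It is an added example, not part of the original post; it reads the SigninLogs and AuditLogs workspace tables, and the one-hour lookback is an assumed value.

```kusto
// Added example (not from the original post): check that both categories
// selected in the diagnostic setting are reaching the workspace, and how
// long events take to arrive.
// Assumption: the 1h lookback is an arbitrary choice; widen it if needed.
let lookback = 1h;
let signins =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    // ingestion_time() is when the workspace stored the record
    | extend Delay = ingestion_time() - TimeGenerated
    | summarize Events = count(),
                NewestEvent = max(TimeGenerated),
                P95Delay = percentile(Delay, 95)
    | extend Category = "SignInLogs";
let audits =
    AuditLogs
    | where TimeGenerated > ago(lookback)
    | extend Delay = ingestion_time() - TimeGenerated
    | summarize Events = count(),
                NewestEvent = max(TimeGenerated),
                P95Delay = percentile(Delay, 95)
    | extend Category = "AuditLogs";
// isfuzzy=true keeps the query working when one of the tables has not
// been created yet (for example, only one check box was selected).
union isfuzzy=true signins, audits
| extend MinutesSinceNewest = datetime_diff('minute', now(), NewestEvent)
| project Category, Events, NewestEvent, MinutesSinceNewest, P95Delay
```

A category that is missing from the result, or that shows Events = 0, means either its check box was not selected or no events of that type occurred within the lookback window.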