Integrate Azure AD logs with Azure Log Analytics

 


This post describes how to integrate Azure AD logs with Azure Log Analytics. Log Analytics lets you perform tasks such as:

  • query data to find particular events
  • analyze trends
  • perform correlation across various data sources

Integrating Azure AD logs with Azure Log Analytics lets you perform tasks such as:

  • Compare Azure AD sign-in logs against security logs published by Azure Security Center
  • Troubleshoot performance bottlenecks on an application’s sign-in page by correlating application performance data from Azure Application Insights

How to Send logs to Log Analytics

Follow the steps below to send logs to Log Analytics:

  • Sign in to the Azure portal
  • Navigate to Azure Active Directory -> Diagnostic settings -> Add diagnostic setting.
  • Under the “Diagnostic settings” menu, select the “Send to Log Analytics” check box, and then select “Configure”.
  • Select the Log Analytics workspace to send the logs to, or create a new workspace in the provided dialog box.
  • Next, under “LOG”, select either or both categories: select the “AuditLogs” check box to send audit logs to the Log Analytics workspace, and the “SignInLogs” check box to send sign-in logs to the Log Analytics workspace.
  • Click “Save” to save the setting.
  • After a few minutes (at least 15 minutes), events start streaming to the Log Analytics workspace.
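
Once the setting is saved, the workspace can be queried to confirm that the selected categories are arriving and to start analyzing sign-in trends. The queries below are an added example, not part of the original post; they assume the logs land in the workspace tables `AuditLogs` and `SigninLogs`, and the failure threshold of 10 is an arbitrary starting value.

```kusto
// Added example: run each query separately in the Log Analytics workspace
// that was selected in the diagnostic setting.

// Query 1: confirm ingestion for each selected category and check freshness.
// isfuzzy=true lets the query run even if only one of the two categories
// was selected (so the other table does not exist yet).
union isfuzzy=true withsource=SourceTable AuditLogs, SigninLogs
| where TimeGenerated > ago(24h)
| summarize Events     = count(),
            FirstEvent = min(TimeGenerated),
            LastEvent  = max(TimeGenerated)
          by SourceTable
| extend MinutesSinceLastEvent = datetime_diff('minute', now(), LastEvent)

// Query 2: hourly failed sign-ins grouped by source IP address.
// ResultType "0" is a successful sign-in; any other value is an error code.
SigninLogs
| where TimeGenerated > ago(24h)
| where ResultType != "0"
| summarize FailedSignIns = count(),
            TargetedUsers = dcount(UserPrincipalName),
            Apps          = make_set(AppDisplayName, 10)
          by IPAddress, bin(TimeGenerated, 1h)
| where FailedSignIns >= 10   // assumed threshold; tune for the tenant
| order by FailedSignIns desc
```

If Query 1 returns no rows for a selected category after the initial delay, recheck the check boxes and the target workspace in the diagnostic setting.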

