Azure AD Activity Logs in Azure Monitor Diagnostics now in public preview

Howdy folks,

Today, were turning on the public preview of Azure AD Activity Logs in Azure Monitor (Azures platform-wide monitoring service) offering you long-term retention as well as seamless integration. These improvements and new capabilities offer you:

  • Long-term retention by routing logs to your own Azure storage account.
  • Seamless SIEM integration without writing or maintaining any custom scripts.
  • Seamless integration with your own custom solutions, analytics tools or incident management solutions.

Many of our largest customers participated in the private preview of this feature. Id like to thank all of them for their help and feedback. On average, they saw a 60 percent reduction in the time admins spent getting Azure AD Activity Logs. They also reported how easy the service is to use. Azure AD Activity Logs in Azure Monitor Diagnostics is simple to configure and only requires an Azure subscription. With a simple click, you can route the logs to your storage account or Event Hub. In addition, you can set this up with your SIEM tool, custom apps, or any service management systems through Event Hub integration within minutes.

Here is a quick screenshot walkthrough showing Splunk integration with a dashboard view of the Sign-ins:

Figure 1: Azure Monitor Diagnostic settings for Azure AD Logs.

Figure 2: Azure AD Logs in Splunk through Event Hub.

Figure 3: Splunk reports based on Azure AD Sign-ins.

This strategy for routing logs is consistent with other Azure resources as well. (You can find the details here about which Azure resources offer this functionality.)

Get started

To help get you started with Azure AD Activity Logs in Azure Monitor Diagnostics, weve put together some helpful resources:

Whats next?

Based on feedback we received from our private preview customers, we will integrate the feature with Azure Log Analytics. As we work to bring this feature to general availability, we look forward to your feedback on the Azure AD Reporting forum.

Best Regards,

Alex Simons (Twitter:@Alex_A_Simons)

Director of Program Management

Microsoft Identity Division


Source: EM+S Blog Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.