Collect Azure Active Directory (AD) logs – audit, sign-in, and provisioning – and submit them to Coralogix for seamless integration.
Sign-in and audit logs comprise the activity logs behind many Azure AD reports, which can be used to analyze, monitor, and troubleshoot activity in your tenant. Routing your activity logs to an analysis and monitoring solution provides greater insights into your tenant’s health and security.
Activity logs help you understand the behavior of users in your organization. There are three types of activity logs in Azure AD: audit, sign-in, and provisioning.
This tutorial demonstrates how to collect Azure audit and sign-in logs and submit them to Coralogix. It requires that you configure your Azure AD Diagnostic Settings and use our Event Hub integration to collect those logs and submit them to the Coralogix platform.
STEP 1. To configure audit and sign-in exports, navigate to your Azure Active Directory resource.
STEP 2. Under Monitoring, click Diagnostic Settings.
STEP 3. Click + Add diagnostic setting.
STEP 4. In the Diagnostic Setting window, select your desired Categories and configure the Destination details to submit entries to your existing Event Hub.
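To confirm that the categories selected in step 4 actually reach the Event Hub, the following added example (not part of the Coralogix integration) counts records per category in message bodies that have already been read from the hub. It assumes the usual Azure diagnostic export shape, a JSON object with a `records` array whose entries carry a `category` field; the function name `summarize` and the sample messages are constructed for illustration.

```python
import json
from collections import Counter

# Category strings Azure AD writes for the three log types named on this page.
EXPECTED = {"AuditLogs", "SignInLogs", "ProvisioningLogs"}

def summarize(bodies, expected=EXPECTED):
    """Count exported records per category across Event Hub message bodies.

    Returns (counts, missing, malformed): records seen per category, the
    expected categories that never appeared, and how many bodies were not
    a JSON object holding a "records" list.
    """
    counts, malformed = Counter(), 0
    for body in bodies:
        try:
            records = json.loads(body)["records"]
            if not isinstance(records, list):
                raise TypeError("records is not a list")
        except (ValueError, KeyError, TypeError):
            malformed += 1  # bad JSON, wrong top-level type, or no envelope
            continue
        for rec in records:
            category = rec.get("category") if isinstance(rec, dict) else None
            counts[category or "<no category>"] += 1
    return counts, sorted(set(expected) - set(counts)), malformed

# Constructed sample bodies: two valid messages and one corrupt one.
SAMPLE = [
    b'{"records": [{"time": "2024-01-01T10:00:00Z", "category": "SignInLogs",'
    b' "operationName": "Sign-in activity"},'
    b' {"time": "2024-01-01T10:00:05Z", "category": "AuditLogs",'
    b' "operationName": "Add user"}]}',
    b'{"records": [{"time": "2024-01-01T10:01:00Z", "category": "SignInLogs",'
    b' "operationName": "Sign-in activity"}]}',
    b'not json',
]

if __name__ == "__main__":
    counts, missing, malformed = summarize(SAMPLE)
    for category, n in counts.most_common():
        print(f"{category}: {n} record(s)")
    print("expected but not seen:", ", ".join(missing) or "none")
    print("malformed messages:", malformed)
```

A category listed as expected but not seen over a window in which that activity occurred usually means it was not ticked in the diagnostic setting; trim `expected` to the categories you chose to export.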
Now that your audit and sign-in log entries are being exported to your Event Hub, you’ll need to deploy the Azure Event Hub integration to collect and submit the messages to the Coralogix platform.
Deploy the integration via ARM template or Terraform.