Collect Microsoft Entra ID (previously Azure Active Directory) audit, sign-in, and provisioning logs, and submit them to Coralogix for seamless integration.
Sign-in and audit logs comprise the activity logs behind many Microsoft Entra ID reports, which can be used to analyze, monitor, and troubleshoot activity in your tenant. Routing your activity logs to an analysis and monitoring solution provides greater insights into your tenant’s health and security.
Activity logs help you understand the behavior of users in your organization. There are three types of activity logs in Microsoft Entra ID:
This tutorial demonstrates how to collect Microsoft Entra ID audit and sign-in logs and submit them to Coralogix. It requires that you configure your Microsoft Entra ID Diagnostic Settings and leverage our Event Hub integration for the collection and submission of those logs to the Coralogix platform.
STEP 1. To configure audit and sign-in exports, navigate to your Microsoft Entra ID resource.
STEP 2. Under Monitoring, click Diagnostic Settings.
STEP 3. Click + Add diagnostic setting.
STEP 4. In the Diagnostic Setting window, select your desired Categories and configure the Destination details to submit entries to your existing Event Hub.
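Once the diagnostic setting is saved, it is worth confirming that every category you selected actually reaches the Event Hub before relying on it for detection. The following is an added example, not Coralogix or Microsoft code: it assumes that message bodies use Azure's standard diagnostic-log envelope (a JSON object with a `records` array whose entries carry a `category` field) and that the category strings are `AuditLogs`, `SignInLogs` and `ProvisioningLogs`. The function names and sample messages are constructed for illustration.

```python
import json
from collections import Counter

# Category strings assumed from Azure's diagnostic log schema (not listed on this page).
EXPECTED = {"AuditLogs", "SignInLogs", "ProvisioningLogs"}

# Constructed sample Event Hub message bodies; the second is deliberately corrupt.
SAMPLE_BODIES = [
    json.dumps({"records": [
        {"time": "2024-05-01T10:00:00Z", "category": "SignInLogs",
         "operationName": "Sign-in activity", "properties": {}},
        {"time": "2024-05-01T10:00:05Z", "category": "AuditLogs",
         "operationName": "Update user", "properties": {}},
        {"time": "2024-05-01T10:00:09Z", "category": "SignInLogs",
         "operationName": "Sign-in activity", "properties": {}},
    ]}).encode(),
    b"not json {",
]


def count_categories(bodies):
    """Return (Counter of records per category, number of unparseable bodies)."""
    counts, malformed = Counter(), 0
    for body in bodies:
        try:
            envelope = json.loads(body)
        except ValueError:  # covers bad JSON and bad UTF-8
            malformed += 1
            continue
        records = envelope.get("records") if isinstance(envelope, dict) else None
        if not isinstance(records, list):
            malformed += 1
            continue
        for rec in records:
            if isinstance(rec, dict):
                counts[str(rec.get("category", "<missing>"))] += 1
    return counts, malformed


def missing_categories(bodies, expected=EXPECTED):
    """Categories selected in the diagnostic setting but never seen in the sample."""
    counts, _ = count_categories(bodies)
    return sorted(set(expected) - set(counts))


if __name__ == "__main__":
    print(count_categories(SAMPLE_BODIES))
    print("missing:", missing_categories(SAMPLE_BODIES))
```

Feed it bodies read from your own Event Hub consumer; a category that stays in the missing list after real sign-in or directory activity usually means it was not ticked in STEP 4.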
Now that your audit and sign-in log entries are being exported to your Event Hub, you’ll need to deploy the Azure Event Hub integration to collect and submit the messages to the Coralogix platform.
Deploy the integration via ARM template or Terraform.
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].