Detecting Rapid Microsoft Graph Read Requests on AzureAD and AzureRM

Taha Ahmad 21 Reputation points
2022-09-22T15:14:17.643+00:00

Hello,

I am attempting to create analytic rules within Sentinel based around someone running AzureHound to enumerate the environment. However, after testing Azure within our environment, I see that the only relevant logs created in Azure would be the sign-in to the Azure PowerShell module, which would be a very noisy indicator in some environments. From my searching, I was unable to see something that would log all the read requests created when enumerating AzureAD and AzureRM through the respective Azure PowerShell modules.

Am I missing something or is there no way that these requests are logged?

Azure Role-based access control