Hi @Sim1S ,
I was able to get some more information for you. My service area works with Azure AD. Setting up alert rules comes under Azure Monitor. We deal with Azure Monitor when it is related to AAD logs monitoring, but the solution to your question is not related to Azure AD. I can help as much as I can but I would recommend posting on the Azure Monitor forum for more specific answers related to that.
For control over emails and alerts you should engage with 0365/Exchange Online - These are some docs that I think can help you mail flow rules in Exchange Online Office 365 and Recommended Exchange Online Access Policies.
For the other questions you had:
- "Which resource is involved in the process?" - Azure monitor deals with Azure resources (compute resources, azure VMs etc). And Diagnostics settings are meant to be configured for those resources.
- "On which type of resource should I enable it to monitor user activities? Which alerts can be fired according to the same criteria?" The Azure Monitor Overview documentation should help with this.
I hope I at least was able to point you in the right direction. If this answer helped you please mark it as "Verified" so other users may reference it.
Best,
James