Azure AD DS Diagnostics Logs

RST 86 Reputation points
2020-10-02T07:19:06.893+00:00

Hi Experts,

I have set up Azure AD DS diagnostics logs to send to a Storage account and an Event Hub. However, when I go to Storage Account > Container, I only see AccountLogon, AccountManagement, LogonLogoff, and PrivilegeUse instead of the complete set of categories.

Additionally, how do I view these events? Wouldn't I get the same interface as in Windows Event Viewer? If I want to run any query, where should I integrate these logs? I attempted to use Log Analytics to integrate the storage account logs but was unable to run any query.

It would be very helpful if you could share leads on how to show Azure AD DS security/audit logs using a storage account and Event Hub.

Microsoft Entra

1 answer

  1. Alfredo Revilla (MSFT) 26,756 Reputation points
    2020-10-26T21:50:55.087+00:00

    Hi @RST, please take a look at "Query and view security audit events using Azure Monitor" for how to view and analyze the security audit events using Azure Monitor and the Kusto query language. You might also try "Review security audit events in Azure Active Directory Domain Services using Azure Monitor Workbooks", which offers Azure AD DS templates for security overview and account activity that will let you dig into audit events and manage your environment.

    Let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.
