Share via

Triggering Azure Function Based on Specific AAD AuditLog Event

tak-5409 60 Reputation points
2023-07-21T12:06:54.4866667+00:00

I'm looking to trigger an Azure Function based on a specific AAD AuditLog event.

Initially, I considered using Log Analytics Workspace and Azure Monitor Alert. However, I typically use Azure Monitor Alert for actual "alerts" in other scenarios. In this case, I don't want to trigger an alert because it's not a critical situation. Instead, it's merely an informational notification intended to keep users informed.

Is there a way to filter and export AAD AuditLogs to an Azure Function?

To be more specific, I would like to send an email based on a log event when a PIM activation log is generated in AAD AuditLog. I'm aware that there's a default feature in PIM to receive notifications, but due to certain constraints, I'm unable to utilize this feature.

Any guidance or suggestions would be greatly appreciated.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Answer accepted by question author

Givary-MSFT 35,786 Reputation points Microsoft Employee Moderator
2023-07-25T05:37:18.55+00:00

@tak-5409 Researched on your requirement ( To have Azure AD Trigger for Audit logs via Azure Function ). Similar requirement has been discussed on this QnA post - https://learn.microsoft.com/en-us/answers/questions/674041/azure-ad-trigger

Let me know if this helps to achieve your requirement, if you have any further questions feel free to post back.

Was this answer helpful?

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.