Share via

How do we monitor activity and changes to a specific service account in Azure with email alerts

Bruce, Emerson M 1 Reputation point
2024-05-17T14:23:43.86+00:00

what are specific steps for monitoring a service account (or multiple accounts by group) for all activity and changes to the account permissions, etc. - email or other immediate alerting would be required. I would like to be able to filter out approved activity if possible. This is in a GCC environment.

Example: backup and restore tool service account with access to teams and sharepoint data doing anything other than backups.

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,908 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Carlos Solís Salazar 17,186 Reputation points MVP
    2024-05-19T15:17:15.1133333+00:00

    Hi Bruce.

    Monitoring activity and changes to a specific service account in Azure with email alerts can be achieved using Azure Monitor Alerts

    You can create an alert following this documentation https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-manage-alert-rules?wt.mc_id=studentamb_232547

    Hope this helps!

    Remember to accept the answer if it is helpful.

  2. Bruce, Emerson M 1 Reputation point
    2024-05-30T12:48:15.55+00:00

    Entra "Permissions Management" feature appears to be able to possibly do what we need, but as the trial has already been used I will need to have someone approve purchase for at least one "resource" in order to confirm this.

    Monitor Alerts do not appear to be able to allow monitoring of Entra accounts from what I can see in our environment. If this is possible could someone provide DETAILS on how to configure?