Creating email alert when specific event is triggered in Azure AD ?

EnterpriseArchitect 2,741 Reputation points

Hi Everyone,

As per:

  • How can I get the email alert when these risky events are updated or happening across my Subscription?
  • Modified application and service principal credentials/authentication methods
  • Modified federation settings
  • New permissions granted to service principals
  • Directory role and group membership updates for service principals

Thanks in advance.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,709 questions
Microsoft Graph Security API
Microsoft Graph Security API
A Microsoft API that provides a unified interface to connect security solutions from multiple Microsoft and third-party providers.
125 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
822 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ulv 81 Reputation points

    Hey EnterpriseArchitect,

    You can create a KQL Query Alert through your Azure Log Analytics where you filter for the event, and trigger it with an e-mail when the risky event is triggered.

    You can also leverage the SendGrid free tier to send e-mail.

    List of KQL you can configure for Solorigate
    SendGrid for Azure
    Trigger alerts for Log Analytics log entries

    List of KQL to monitor for in relation to Solorigate (

    Hope this helps,

    all the best,

    0 comments No comments