Create Alert for any Security Group update

Kamal Shalaby 41 Reputation points
2021-03-16T12:35:49.94+00:00

is there availability to Create Alert for any modification in any security groups in Azure AD

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,521 questions
0 comments No comments
{count} votes

Accepted answer
  1. James Westall 161 Reputation points
    2021-03-16T13:33:04.927+00:00

    Hey @Kamal Shalaby

    The easiest way to do this would be to onboard Azure AD Audit logs to a log analytics workspace, and then build an alert rule based off this data.
    Documentation on audit logs to Azure log analytics can be found here.

    A starter query that will pull this information is:

    AuditLogs | where OperationName == "Add member to group" or OperationName == "Remove member from group"

    78273-image.png

    Once you have tuned your KQL query to match the exact group you care about, you can configure an alert rule as per this documentation.

    0 comments No comments

0 additional answers

Sort by: Most helpful