Create Alert for any Security Group update

Kamal Shalaby 21 Reputation points
2021-03-16T12:35:49.94+00:00

is there availability to Create Alert for any modification in any security groups in Azure AD

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,703 questions
0 comments
Accepted answer
  1. James Westall 156 Reputation points
    2021-03-16T13:33:04.927+00:00

    Hey @Kamal Shalaby

    The easiest way to do this would be to onboard Azure AD Audit logs to a log analytics workspace, and then build an alert rule based off this data.
    Documentation on audit logs to Azure log analytics can be found here.

    A starter query that will pull this information is:

    AuditLogs | where OperationName == "Add member to group" or OperationName == "Remove member from group"

    78273-image.png

    Once you have tuned your KQL query to match the exact group you care about, you can configure an alert rule as per this documentation.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest