Create Alert for any Security Group update

Kamal Shalaby 41 Reputation points

is there availability to Create Alert for any modification in any security groups in Azure AD

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,521 questions
0 comments No comments
{count} votes

Accepted answer
  1. James Westall 161 Reputation points

    Hey @Kamal Shalaby

    The easiest way to do this would be to onboard Azure AD Audit logs to a log analytics workspace, and then build an alert rule based off this data.
    Documentation on audit logs to Azure log analytics can be found here.

    A starter query that will pull this information is:

    AuditLogs | where OperationName == "Add member to group" or OperationName == "Remove member from group"


    Once you have tuned your KQL query to match the exact group you care about, you can configure an alert rule as per this documentation.

    0 comments No comments

0 additional answers

Sort by: Most helpful