Capturing Unauthorized API activity in Azure

Hemant Kumar R 1 Reputation point
2022-03-30T12:19:00.163+00:00

Hi,

I need to capture the Unauthorized API calls in Azure console.

I checked the activity logs, where I am able to find out the logs for successful API calls, but no unauthorized calls are getting logged.

I am able to see the error message in the console on notification tab, but unable to see that event log in the activity log.

Kindly guide how this can be achieved, is there anything that need to be configured to capture the same?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,473 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,270 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andrew Blumhardt 9,871 Reputation points Microsoft Employee
    2022-04-01T14:41:50.15+00:00

    You might try looking in the AAD SigninLogs and AuditLogs for information related to the associated identities and service principals.

    You might also consider Defender for Cloud - App Service monitoring and Azure Active Directory Identity Protection.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.