Capturing Unauthorized API activity in Azure

Hemant Kumar R 1 Reputation point


I need to capture the Unauthorized API calls in Azure console.

I checked the activity logs, where I am able to find out the logs for successful API calls, but no unauthorized calls are getting logged.

I am able to see the error message in the console on notification tab, but unable to see that event log in the activity log.

Kindly guide how this can be achieved, is there anything that need to be configured to capture the same?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,489 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,607 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Andrew Blumhardt 9,356 Reputation points Microsoft Employee

    You might try looking in the AAD SigninLogs and AuditLogs for information related to the associated identities and service principals.

    You might also consider Defender for Cloud - App Service monitoring and Azure Active Directory Identity Protection.

    0 comments No comments