Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,037 questions
Failed Login Alert for Azure Application
JMWee
6
Reputation points
Hello,
I am thinking of a best way to be alerted for some sign in attempt criteria for my Azure AD which includes the Enterprise Application where we are using Azure AD as SSO to login to other system like Atlassian, Office.com, AWS, etc.
I started shipping the logs from Azure AD to Azure Log Analytics Workspace, but having problem in specifying the correct query for me to create an alert. I am after with the below trigger.
10 Failed Login attempts in period of 10secs.
20 Consecutive failed logins attempts.
Login form the hostile country like Russia, North Korea, etc.
Anyone can able to assist me with the right approach I need to do on this?
{count} vote
-
Carlos Solís Salazar 17,791 Reputation points MVP2022-07-12T15:21:57.723+00:00 Thank you for asking this question on the **Microsoft Q&A Platform. **
You have not received answers or comments to your question because it may be ambiguous or confusing.
I recommend you visit How to write a quality question and verify that your question meets some of the recommendations.
Hope this helps,
Carlos Solís Salazar----------
NOTE: To answer you as quickly as possible, please mention me in your reply.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 13%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
Joao Pereira 0 Reputation points2024-01-18T10:39:43.86+00:00 Hi JMWee - just checking if you got any results on login alerts up on Azure application failed sign-in ?
Thanks
Sign in to comment