Chapter 15: Enabling and Integrating Azure AD Logs with SIEM Solutions

The previous chapter covered how to analyze, review, and investigate our logs and events to protect against risky sign-ins and elevated-risk users. This included creating reports and reviewing insights for user activity to recognize potential vulnerabilities and alert on possible threats. In this chapter, we will discuss how to enable these logs and integrate them with Microsoft Sentinel or a third-party security information and event management (SIEM) solution. This will include how to use Log Analytics with Kusto queries to review activity in Microsoft Sentinel.

In this chapter, we're going to cover the following main topics:

  • Enabling and integrating Azure AD ...

Get Microsoft Identity and Access Administrator Exam Guide now with the O’Reilly learning platform.