Forum Discussion
How can I monitor Entra Connect Health Sync?
Hello,
How can I monitor Entra Connect Health Sync events and get alerts on failures?
I have set up to be alearted to events in the Entra portal but I only get a summary email, and not instant notifications.
I wish to informed if there is a loss of sync between OP and Entra, or with SSPR?
Is this possible other than what MS give us in the Portal.
Thanks
5 Replies
I dont see this table name the log analytics. Can you test and confirm?
AzureADSyncError
| where TimeGenerated > ago(1h)
| where ErrorCode == "sync_error"Summary of Options for Monitoring and Alerts:
- Fine-tune Entra Connect Health alerts in the Entra portal for more responsive notifications.
- Use Azure Monitor Logs to create custom alert queries and get instant notifications.
- Use PowerShell scripts for monitoring and sending email alerts for sync issues.
- Integrate alerts with Microsoft Teams or SMS via Azure Monitor or Power Automate.
- Set up SSPR-specific alerts using Azure AD logs.
- For advanced use cases, consider using SIEM tools like Splunk for centralized monitoring.
These steps should give you much more granular control and responsiveness for monitoring Entra Connect Health Sync and getting alerts on failures in sync and SSPR.
Thanks for the reply.
This has been helpful and it has given me some good ideas.
But I don't want the alerts to cost me anything and I would rather that they come as free.
The Azure Monitor alerts will be charged to our subscription, and I think there will be quite a few sent out daily.
The Powershell Option might be better because it would be local and free.
o monitor Entra Connect Health Sync events and receive more granular or instant notifications (especially for sync failures, or issues with Self-Service Password Reset (SSPR)), there are several approaches you can take beyond the summary emails provided by the Microsoft Entra portal. Here's how you can set up more detailed monitoring and alerts:
. Integrating with Azure Monitor
To enhance the alerting process, integrate Entra Connect Health with Azure Monitor to get more granular control over notifications:
- Set up Azure Monitor Logs: Entra Connect Health sends logs to Azure Monitor, which you can use to set up detailed alerts based on various sync events.
- Go to Azure Portal > Monitor > Logs.
- Use the Log Analytics workspace where Entra Connect sends its telemetry data.
- You can query the logs using Kusto Query Language (KQL) to filter sync issues and failures related to SSPR and other sync operations.
- AzureADSyncError
| where TimeGenerated > ago(1h)
| where ErrorCode == "sync_error"
- Create an Alert Rule in Azure Monitor based on the results of your queries. These alerts can notify you via email, SMS, or through a Webhook to take actions such as invoking a Power Automate flow or triggering an Azure Function.
3. Using PowerShell for More Custom Alerts
If you want more customized monitoring and alerts outside of Azure Monitor, you can use PowerShell scripts to monitor Entra Connect Health and trigger alerts when specific failures occur:
- Using PowerShell to Check Sync Status: The Get-ADSyncRunProfile cmdlet can be used to monitor sync activities. Combine this with a scheduled task to periodically check the sync status and send alerts.
- Example PowerShell script to check sync status and send an email alert:
- $SyncStatus = Get-ADSyncRunProfile
if ($SyncStatus.RunStatus -ne "Success") {
Send-MailMessage -To "email address removed for privacy reasons" -From "email address removed for privacy reasons" -Subject "Entra Connect Sync Failure" -Body "There was a failure in the Entra Connect Sync process." -SmtpServer "smtp.domain.com"
}
- Automate PowerShell with Task Scheduler: Use Windows Task Scheduler to run the PowerShell script at regular intervals (e.g., every 5 or 10 minutes) to detect any sync issues and send an email immediately.
4. Integrating with Microsoft Teams (Optional)
You can set up more immediate notification methods by integrating with Microsoft Teams:
- Set up an Azure Monitor alert to send notifications directly to a Microsoft Teams channel when a sync failure occurs.
- Use a Webhook from Azure Monitor to post alerts into your Teams channel or use Power Automate to trigger actions when a failure occurs, such as sending an instant Teams notification.
5. Review and Set Up Advanced Alerting for SSPR Issues
If you're particularly concerned about SSPR (Self-Service Password Reset) failures, ensure you're specifically monitoring for those events within Entra Connect Health:
- In the Azure AD portal, ensure SSPR logs are being captured and that you're monitoring those events.
- You can set up separate alerts for SSPR failures within Azure AD logs to be more proactive in identifying any disruptions.
- Go to Azure AD > Security > Monitoring > Audit logs > Filter by event category for SSPR.
- Set up an Azure Monitor Alert to get notifications when a significant number of failures are recorded.
6. Using a Third-Party SIEM Tool
If you're looking for a more robust and centralized monitoring solution, consider integrating Entra Connect Health with a SIEM (Security Information and Event Management) tool like Splunk or SentinelOne. These tools can give you greater control over log management, failure detection, and alerting.
- Set up Azure Monitor Logs: Entra Connect Health sends logs to Azure Monitor, which you can use to set up detailed alerts based on various sync events.
