Forum Discussion
ezflow
Feb 15, 2022, Copper Contributor
Azure monitoring alerts query
If I have an Azure Security group: "Super Secret"
What is the Query to set an Alert in Azure monitoring, when a user was added or removed from that group?
- yairgil
Microsoft
Hello,
I assume this is regarding AAD security groups.
You can direct the AAD audit logs to a Log Analytics workspace as explained here:
Then you can create log search alert rules to detect the specific activities you would like to monitor.
I hope this helps,
Yair Gil
Program Manager, Azure Monitor
- lukemurraynz
Learn Expert
This MS Questions doc has a bit more information as well, specifically around the KQL query and Audit Logs: https://docs.microsoft.com/en-us/answers/questions/316694/create-alert-for-any-security-group-update.html
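
A log search query of the kind the replies above point to, added here as an example and not posted by any participant in the thread. It assumes the AAD audit logs already reach the workspace's `AuditLogs` table and that the group is matched by its display name; the operation and property names used are assumptions to confirm against a sample event in your own workspace.

```kusto
// Added example: membership changes on a single AAD security group.
// Assumption: AAD audit logs are routed to this Log Analytics workspace (AuditLogs table).
let WatchedGroup = "Super Secret";   // group display name from the question
AuditLogs
| where Category == "GroupManagement"
| where OperationName in ("Add member to group", "Remove member from group")
// Assumption: the first target resource is the member that was added or removed.
| extend Member = tostring(TargetResources[0].userPrincipalName)
// The group name is carried in the member's modifiedProperties, not in a top-level column.
| mv-expand Prop = TargetResources[0].modifiedProperties
| where tostring(Prop.displayName) == "Group.DisplayName"
// Values are stored as JSON-quoted strings: newValue is set on an add, oldValue on a removal.
| extend OldName = replace_string(tostring(Prop.oldValue), '"', ''),
         NewName = replace_string(tostring(Prop.newValue), '"', '')
| where OldName == WatchedGroup or NewName == WatchedGroup
// Who made the change: a user, or an application when no user is recorded.
| extend Actor = coalesce(tostring(InitiatedBy.user.userPrincipalName),
                          tostring(InitiatedBy.app.displayName))
| project TimeGenerated, OperationName, GroupName = WatchedGroup, Member, Actor, Result, CorrelationId
| order by TimeGenerated desc
```

Used in a log search alert rule, this fires when the number of results is greater than 0. Display names can be changed or duplicated, so filtering on the group's object ID instead is the more stable choice once you know it.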