Forum Discussion
cryptoSHA
May 16, 2022Copper Contributor
Office365 Unified Audit log bring into an Azure Log Analytics Workspace
Hi,
the task is simple I guess, but somehow I'm failing to find the information I need. I would like to ingest Oiffce365 telemetry (unified audit logs and whatever else is there) into my Log Analytics workspace. How can I achieve it? What table is the data stored in ? Anyone ? Thanks for your assistance !
- graberyCopper Contributor
cryptoSHA this is actually straight forward to achieve. All you need is an Azure Subscription and an analytics workspace. Obviously 🙂
Just head to your Azure Active Directory >> Monitoring >> Sing-in logs >> Export Data Settings >> Add diagnostic setting.
You are not good to go ahead and save all the logs you need to your log analytics workspace for as long as you need it and willing to pay for.
Hope this does answer your question 🙂
- graberyCopper Contributor.... if this does answer your question, please accept as answer as a token of appreciation. 🙂
- AndrewXIron Contributor
grabery this does not answer the question. cryptoSHA has asked for the Unified Audit Log to be streamed into Azure Log Analytics, which historically was achieved by adding the Office 365 Solution, and data was put into the OfficeActivity Table.
This is no longer possible and i *think* the only way is to add the solution through Sentinel.
What you have provided is how to enable the Azure AD Diagnostic settings and send the Sign In logs only.
- cryptoSHACopper ContributorI can see only a data connector in Sentinel, other than that I guess no one knows how this sh*t works.