Forum Discussion

cryptoSHA's avatar
cryptoSHA
Copper Contributor
May 16, 2022

Office365 Unified Audit log bring into an Azure Log Analytics Workspace

Hi,   the task is simple I guess, but somehow I'm failing to find the information I need. I would like to ingest Oiffce365 telemetry (unified audit logs and whatever else is there) into my Log Anal...
grabery's avatar
grabery
MCT
Sep 06, 2022

cryptoSHA this is actually straight forward to achieve. All you need is an Azure Subscription and an analytics workspace. Obviously 🙂

 

Just head to your Azure Active Directory >> Monitoring >> Sing-in logs >> Export Data Settings >> Add diagnostic setting.

You are not good to go ahead and save all the logs you need to your log analytics workspace for as long as you need it and willing to pay for.

 

Hope this does answer your question 🙂

 

  • grabery's avatar
    grabery
    MCT
    Sep 06, 2022
    .... if this does answer your question, please accept as answer as a token of appreciation. 🙂
    • AndrewX's avatar
      AndrewX
      Iron Contributor
      Oct 26, 2022

      grabery this does not answer the question.  cryptoSHA has asked for the Unified Audit Log to be streamed into Azure Log Analytics, which historically was achieved by adding the Office 365 Solution, and data was put into the OfficeActivity Table.

       

      This is no longer possible and i *think* the only way is to add the solution through Sentinel.

       

      What you have provided is how to enable the Azure AD Diagnostic settings and send the Sign In logs only.

Resources