Forum Discussion
Conditional Access Reporting
gd-29 You can use Log Analytics to create your own alerts I've found following article how to implement your custom alerts: https://tech.nicolonsky.ch/conditional-access-and-azure-log-analytics-in-harmony/
They also requested this feature on uservoice but it's still not implemented: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/19331617-change-tracking-for-conditional-access-policies
You can also use Azure Sentinel. connect your Azure AD Data Connector: https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory
And implement your own Rules
Any changes are visible in the Audit log: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Audit
You can also access it programmatically via the Graph API.
i set it that to 30 days and tried reviewing logs with and without the filter for service=conditional access with no results.
we send our logs to splunk, and i do see some data but it looks like it comes from o365 management logs. but that also only fetches at some frequency, i'd prefer to alert from azure so its more realtime.
