Forum Discussion
New Blog | Microsoft Graph activity logs is now generally available
We’re excited to announce the general availability of Microsoft Graph activity logs! Microsoft Graph activity logs give you visibility into HTTP requests made to the Microsoft Graph service in your tenant. With rapidly growing security threats and an increasing number of attacks, this log data source allows you to perform security analysis, threat hunting, and monitor application activity in your tenant.
Some common use cases include:
- Identifying the activities that a compromised user account conducted in your tenant.
- Building detections and behavioral analysis to identify suspicious or anomalous use of Microsoft Graph APIs, such as an application enumerating all users, or making probing requests with many 403 errors.
- Investigating unexpected or unnecessarily privileged assignments of application permissions.
- Identifying problematic or unexpected behaviors for client applications, such as extreme call volumes that cause throttling for the tenant.
You’re currently able to collect sign-in logs to analyze authentication activity and audit logs to see changes to important resources. With Microsoft Graph activity logs, you can now investigate the complete picture of activity in your tenant – from token request in sign-in logs, to API request activity (reads, writes, and deletes) in Microsoft Graph activity logs, to ultimate resource changes in audit logs.
Figure 1: Microsoft Graph activity logs in Log Analytics.
Read the full post here: Microsoft Graph activity logs is now generally available