Forum Discussion
Azure Sentinel | Azure B2C
and Adrian Gordon
To answer the question, yes we take in Azure AD B2C Audit logs
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-audit-logs
If configured, you'll see B2C Audit logs pulled over into Azure Sentinel whenever you've enabled Azure AD Audit connector within Sentinel.
Example:
Pulling a Query over the past 7 days, looking for B2C audit logs
Koby Koren Valon_Kolica DhanyahkMSFT Any update on this? I have the same question. Thanks!
and Adrian Gordon
To answer the question, yes we take in Azure AD B2C Audit logs
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-audit-logs
If configured, you'll see B2C Audit logs pulled over into Azure Sentinel whenever you've enabled Azure AD Audit connector within Sentinel.
Example:
Pulling a Query over the past 7 days, looking for B2C audit logs
Chris Boehm I also would like details on how to add a B2C to Sentinel. It is showing the primary data, but no data from our B2C tenant.
wmansfieldand @Chris Boehm did you come up with a straight forward solution for getting B2C logs directly into a corp tenant?
- Chris Boehm Are you able to provide any high-level pointers as to how you set this up? I have Sentinel setup in my corp AD tenant, showing corp AD logs. I also have B2C setup, but I'm not clear how to configure the AD audit connector to also read in the B2C logs. Thanks
Chris Boehm Presumably the Sentinel instance must be created within the B2C tenant? Or can it be created in my primary tenant and pointed to the B2C tenant to capture logs?
- I don't see how creating Sentinel within the B2C tenant would be possible as it is not linked to any subscription. On the other hand, creating Sentinel in your "corporate" Azure AD tenant is possible, but i have not found any way to point it to B2C tenant. It defaults the Azure AD Data Connector to the "corporate" Azure AD.
So far i don't see a way to make Sentinel work with Azure AD B2C.
