E-Mail notification for Groups in Azure AD


Hi. I am looking for a solution to get an E-Mail notification every time a new group in Azure Active Directory is applied. Do you know any solutions?

Thank you for your help.

 

2 Replies

@Maximus_Aurelius 

 

Hi

 

One way to get notified is to configure Azure Monitor Alerts. But first you will need to create and configure an Azure Log Analytics workspace.

Log Analytics will allow you to send the Azure AD audit logs to it so that you can query them. And then you will use a custom query to generate an alert whenever the condition is met.

 

To be able to send audit logs, you will need to configure the diagnostic settings.

Go to:

https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview

 

In the Monitoring section, go to Diagnostic settings and click Add diagnostic settings.

You will be able to add the following diagnostic settings:

  • AuditLogs
  • SignInLogs
  • NonInteractiveUserSignInLogs
  • ServicePrincipalSignInLogs
  • ManagedIdentitySignInLogs
  • ProvisioningLogs

Note that in order to export sign-in data, your organization needs an Azure AD P1 or P2 license. If you don't have a P1 or P2,

Give a name to the diagnostic setting.

In the category details, select at least AuditLogs.

In the destination, select at least Send to Log Analytics workspace (if it's a prod subscription, I strongly recommend archiving the logs also).

Then select the subscription, and an existing workspace will be populated. If not, you have to create it.

 

Once done, go to the Azure Monitor blade:

https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AzureMonitoringBrowseBlade/overview

Go to Alerts, then click on New alert rule.

In the Scope section, select the resource, which should be the Log Analytics workspace where you are sending the Azure Active Directory logs.

In the Condition section, you configure the signal logic as Custom Log Search (by default 6 evaluations are done in 30 min, but you can customize the time range).

In the search query block, copy and paste the following query (formatted):


AuditLogs
| where OperationName in ('Add group','Delete group')

 

For the alert logic, put 0 for the value of Threshold and click on Done.

 

Now the alert needs to be sent to someone or a group. For that, you can configure an action group where the notification can be Email/SMS message/Push/Voice.

The action type can be Automation Runbook, ITSM, Webhook ...

 

Finally, you can define the alert rule details.

 

Once done, you can do a test to verify that your query returns a result.

Add a group and delete it.

Hope that will help. If yes, you can mark it as the answer.

@ibnmbodji 

This works great, but I can't figure out how to only fire the email for 1 specific group.

I also followed this but again can't figure out how to narrow down to 1 specific group.
Create Alert for any Security Group update - Microsoft Q&A
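
An added example, not part of either reply: a variant of the alert query from the first reply that goes beyond it by narrowing the results to a single group and showing who made the change. The object ID is a constructed placeholder, and the operation names other than 'Add group' and 'Delete group' are Azure AD audit activity names that do not appear in the thread.

```kusto
// Added example: replace the placeholder with the object ID of the group to watch.
let watchedGroupId = "00000000-0000-0000-0000-000000000000"; // constructed placeholder
AuditLogs
// Group lifecycle and membership operations; trim this list to what should alert.
| where OperationName in ("Add group", "Delete group", "Update group",
                          "Add member to group", "Remove member from group")
| where Result =~ "success"
// TargetResources is an array; membership events list both the user and the group,
// so expand it and keep only the entry that describes the group itself.
| mv-expand Target = TargetResources
| where tostring(Target.type) =~ "Group"
| where tostring(Target.id) =~ watchedGroupId
// The initiator is either a user or an application (service principal).
| extend ActorUser = tostring(InitiatedBy.user.userPrincipalName),
         ActorApp  = tostring(InitiatedBy.app.displayName)
| extend Actor = iff(isnotempty(ActorUser), ActorUser, ActorApp)
| project TimeGenerated, OperationName, Actor,
          GroupId = tostring(Target.id),
          GroupName = tostring(Target.displayName),
          CorrelationId
```

Used with the same threshold of 0 as the original query, the rule fires only when an audit record targets that one group. Removing the `watchedGroupId` filter line returns the same columns for every group.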