cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Alert if 365 account status is changed from Sign-in blocked to allowed

ryeurolink
Occasional Contributor

‎Sep 11 2020 09:13 AM

‎Sep 11 2020 09:13 AM

Alert if 365 account status is changed from Sign-in blocked to allowed

Hi community

Has anyone found a way to alert admins when an account sign-in ability has been unblocked?

Thank you for any assistance.

Labels:
355 Views
0 Likes
1 Reply
Reply
1 Reply
JanBakkerOrphaned

‎Sep 19 2020 03:26 AM

‎Sep 19 2020 03:26 AM

Re: Alert if 365 account status is changed from Sign-in blocked to allowed

@ryeurolink 

 

Yes. 

Forward your audit logs to Log Analytics Workspace, and create alerts for these events.

 

Example: Monitor your Azure AD Break Glass Accounts with Azure Monitor – Daniel Chronlund Cloud Tech Blog (da... 

 

Here is a KQL example for enabled accounts: 

 

AuditLogs
where OperationName == "Enable account"
0 Likes
Reply