Microsoft Tech Community

Azure Sentinel | Azure B2C


Can you let me know if Azure Sentinel supports (out of the box) connections to Azure B2C logs? The document states that Azure Sentinel can ingest Azure AD sign-in and audit logs, but I was not sure about Azure B2C.





15 Replies

@Eyal Manor: Is this something you can help with? 

Hi, please work with Koby Koren.

Thank you Eyal! @Koby Koren: Can you please help with this topic?


@DhanyahkMSFT can you please assist?

@Koby Koren @Valon_Kolica @DhanyahkMSFT Any update on this? I have the same question. Thanks!



Hi @Chris Boehm, is this something you can speak to? 


best response confirmed by Chris Boehm (Microsoft)


and @Adrian Gordon 



To answer the question, yes, we take in Azure AD B2C Audit logs.


If configured, you'll see B2C Audit logs pulled over into Azure Sentinel whenever you've enabled the Azure AD Audit connector within Sentinel.




[Image: Pulling a query over the past 7 days, looking for B2C audit logs]


@Chris Boehm Presumably the Sentinel instance must be created within the B2C tenant? Or can it be created in my primary tenant and pointed to the B2C tenant to capture logs?

I don't see how creating Sentinel within the B2C tenant would be possible, as it is not linked to any subscription. On the other hand, creating Sentinel in your "corporate" Azure AD tenant is possible, but I have not found any way to point it to the B2C tenant. It defaults the Azure AD Data Connector to the "corporate" Azure AD.
So far I don't see a way to make Sentinel work with Azure AD B2C.

@Chris Boehm Are you able to provide any high-level pointers as to how you set this up? I have Sentinel set up in my corp AD tenant, showing corp AD logs. I also have B2C set up, but I'm not clear how to configure the AD audit connector to also read in the B2C logs. Thanks

@Chris Boehm I also would like details on how to add a B2C to Sentinel. It is showing the primary data, but no data from our B2C tenant.

@wmansfield and @Chris Boehm did you come up with a straightforward solution for getting B2C logs directly into a corp tenant?



You can now collect B2C logs from your B2C tenant to your primary tenant AAD logs as described here.


~ Ofer

@Ofer_Shezaf Thanks!

Thanks, and Azure AD B2C supports Sentinel. Please find below document -