Azure Sentinel | Azure B2C

Adrian Gordon · ‎Mar 05 2019

Can you let me know if Azure Sentinel supports (out of the box) connections to Azure B2C Logs. The document states that Azure Sentinel can ingest Azure AD sign-in and audit logs but was not sure for Azure B2C.

Regards,

Adrian

Valon_Kolica · ‎Mar 06 2019

@Eyal Manor: Is this something you can help with?

Eyal Manor · ‎Mar 06 2019

Hi, Please work with Koby Koren kobyk@microsoft.com

Valon_Kolica · ‎Mar 07 2019

Thank you Eyal!@Koby Koren: Can you please help with this topic?

Koby Koren · ‎Mar 10 2019

@DhanyahkMSFT can you please assist?

Lars_Kemmann · ‎May 24 2019

@Koby Koren @Valon_Kolica @DhanyahkMSFT Any update on this? I have the same question. Thanks!

Valon_Kolica · ‎May 24 2019

@Lars_Kemmann

Hi @Chris Boehm, is this something you can speak to?

@Ofer_Shezaf

Chris Boehm · ‎May 28 2019

@Lars_Kemmann

and @Adrian Gordon

@Valon_Kolica

To answer the question, yes we take in Azure AD B2C Audit logs

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-audit-log...

If configured, you'll see B2C Audit logs pulled over into Azure Sentinel whenever you've enabled Azure AD Audit connector within Sentinel.

Example:

Pulling a Query over the past 7 days, looking for B2C audit logs

MarkAArnold · ‎Sep 11 2019

@Chris Boehm Presumably the Sentinel instance must be created within the B2C tenant? Or can it be created in my primary tenant and pointed to the B2C tenant to capture logs?

Artom Harchenko · ‎Sep 30 2019

I don't see how creating Sentinel within the B2C tenant would be possible as it is not linked to any subscription. On the other hand, creating Sentinel in your "corporate" Azure AD tenant is possible, but i have not found any way to point it to B2C tenant. It defaults the Azure AD Data Connector to the "corporate" Azure AD.
So far i don't see a way to make Sentinel work with Azure AD B2C.

MarkAArnold · ‎Oct 04 2019

@Chris Boehm Are you able to provide any high-level pointers as to how you set this up? I have Sentinel setup in my corp AD tenant, showing corp AD logs. I also have B2C setup, but I'm not clear how to configure the AD audit connector to also read in the B2C logs. Thanks

wmansfield · ‎Oct 25 2019

@Chris Boehm I also would like details on how to add a B2C to Sentinel. It is showing the primary data, but no data from our B2C tenant.

Secuerskydev · ‎Jun 23 2020

@wmansfieldand @Chris Boehm did you come up with a straight forward solution for getting B2C logs directly into a corp tenant?

Ofer_Shezaf · ‎Jun 28 2020

@Secuerskydev

You can now collect B2C logs from your B2C tenant to your primary tenant AAD logs as described here.

~ Ofer

Secuerskydev · ‎Jul 01 2020

@Ofer_Shezaf Thanks!

Jitendra Rai · ‎Sep 12 2021

Thanks and Azure AD B2C supports sentinel. Please find below document -
https://docs.microsoft.com/en-us/azure/active-directory-b2c/azure-sentinel

Azure Sentinel | Azure B2C

Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Re: Azure Sentinel | Azure B2C

Products (51)

Special Topics (28)

Video Hub (447)

Most Active Hubs

Most Active Hubs

Video Hub

Azure Sentinel | Azure B2C