Alexander_Ceyran
Mar 22, 2020

Sign-in logs and Azure AD groups

Hello everyone, I'm still new to Sentinel, my aim is to use a KQL query to retrieve some sign-in logs and filter them by displaying sign-ins for members of a specific Azure AD Group only. When...
  • GaryBushey
    Mar 22, 2020

    Alexander_Ceyran There is nothing that you can access directly in Azure Sentinel although the information is available in the Graph API. You may be able to write a PowerApp that will copy that data into an Azure Blob and then you can use the externaldata command to read that.

    This blog post also talks a bit about using the Graph API so it may be of use: https://techcommunity.microsoft.com/t5/azure-sentinel/bring-your-threat-intelligence-to-azure-sentinel/ba-p/1167546

    Not the best solution but it should work. BTW, you can use the KQL command search to search all the tables for a specific value like an AAD group to see if you can find it.
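The externaldata approach described in the reply above, sketched as an added example that is not part of the original post. It assumes the group's members have already been exported to a CSV blob with a header row and one UserPrincipalName per line; the storage account, container, file name and SAS token are placeholders.

```kusto
// Added example. Assumption: group-members.csv was exported from the Graph API
// to blob storage, with a header row and a single UserPrincipalName column.
// Replace the placeholders with your own storage account, container and SAS token.
let GroupMembers = externaldata (UserPrincipalName: string)
    [ h@"https://<storageaccount>.blob.core.windows.net/<container>/group-members.csv?<SAS-token>" ]
    with (format="csv", ignoreFirstRecord=true)
    | where isnotempty(UserPrincipalName)
    | distinct UserPrincipalName;
SigninLogs
| where TimeGenerated > ago(7d)
// in~ is case-insensitive, so differences in UPN casing between
// the export and the sign-in records do not drop matches
| where UserPrincipalName in~ (GroupMembers)
| project TimeGenerated, UserPrincipalName, AppDisplayName, IPAddress,
          Location, ResultType, ResultDescription
| order by TimeGenerated desc
```

The result is only as current as the last export, so sign-ins by users added to the group after that export will not appear until the blob is refreshed.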
