Setup alert notifications for select services in Azure


We are trying to set up alert notifications for four resource types. I believe I can use a sample alert for Key Vault changes, but for the others I'm not sure how best to set up notifications:

  • Resource type: Azure Key Vault
    - Security Use Case: Detect when key vaults are accessed from non-approved IPs (Microsoft owned or Customer owned, for example)

  • Resource: Azure Active Directory
    - Security Use Case: Configuration changes to conditional access policy

  • Resource type: Azure Management Groups
    - Security Use Case: Detect changes to Azure Security Policy at the Management Group level

  • Resource type: Resource Lock (not so much a resource type, but a functionality on specific resources that we want to monitor)
    - Security Use Case: Resource Lock changes and related activity such as deletion or modification of unlocked resources

I thought I could use a Logic App or Event Grid, but I'm unable to find the correct method for setting up the above requirements I'm trying to configure. Any assistance or direction on how best to address.

Cheers,

Serge
