Sep 15 2020 01:42 AM
Hi community
Has anyone found a way to alert admins when an account sign-in ability has been unblocked?
Thank you for any assistance.
View best response
Sep 19 2020 03:24 AM
@ryeurolink
Yes.
Forward your audit logs to Log Analytics Workspace, and create alerts for these events.
Example: Monitor your Azure AD Break Glass Accounts with Azure Monitor – Daniel Chronlund Cloud Tech Blog (da...
Here is a KQL example for enabled accounts:
Sep 21 2020 01:19 AM
@JanBakkerOrphaned Ah, brilliant, didn't think that Azure could do this without some sort of paid subscription.
I'll look into it, and thank you for your answer!
Sep 21 2020 01:30 AM
For Azure Monitor Log Analytics, you pay for data ingestion and data retention.
Depending on your amount of data, you will have to pay a few bucks per month, but the Free Tier will get you started for sure.
See:
Pricing - Azure Monitor | Microsoft Azure
View solution in original post
