MEAPSA

Monitor and maintain Azure Active Directory

Azure AD audit and diagnostic logs provide a rich view into how users are accessing your Azure solution. Learn to monitor, troubleshoot, and analyze sign in data.

Administrator

Identity And Access Administrator

Security Engineer

Azure

Azure Active Directory

Module Objectives

By the end of this module, you'll be able to:

Analyze and investigate sign in logs to troubleshoot access issues
Review and monitor Azure AD audit logs
Enable and integrate Azure AD diagnostic logs with Log Analytics / Azure Sentinel
Export sign in and audit logs to a third-party SIEM (security information and event management)
Review Azure AD activity by using Log Analytics / Azure Sentinel, excluding KQL (kusto query language) use
Analyze Azure Active Directory workbooks / reporting
Configure notifications

Units

Introduction min
Analyze and investigate sign-in logs to troubleshoot access issues min
Review and monitor Azure Active Directory audit logs min
Exercise connect data from Azure Active Directory to Microsoft Sentinel min
Export logs to third-party security information and event management system min
Analyze Azure Active Directory workbooks and reporting min
Configure notifications min
Knowledge check min
Summary and resources min

Prerequisites

None