Azure Monitor can send alerts to Azure Active Directory security groups
Create custom policies to generate alerts for actions on resources that are specific to your Office 365 Azure AD (Active Directory) environment.
Prerequisite: Ensure that you have followed the instructions in Getting Started with Policies to review available managed policies, and any custom policies that already exist, before creating a new custom policy.

You can create policies for actions and resources in Azure AD.

Note: If you registered your Office 365 instance before April 2016, to enable the features for SharePoint and OneDrive and for Azure AD, you must reenter the Oracle CASB Cloud Service user's credentials for your registered application instance in the credentials update page. Select Applications, click the icon for the instance to display the Health Summary, and then Modify, Update Credentials.

Creating Alerts for Azure AD User, Group, and Role Management

Create a policy that generates an alert for unwarranted actions related to sensitive files and folders.

You can create policies for unwarranted actions related to sensitive files and folders in Office 365 Azure Active Directory (AD). For example, a policy can be triggered and generate an alert when someone creates a self-service tenant from a domain that you want to exclude from membership.

For instructions about how to create a policy alert for Office 365, see any of the topics for Creating Policy Alerts for Office 365 Exchange Online.

Here are the resources and actions for Azure AD that you can make the target of a policy.

| Resource | Action/Event Name | Trigger for Policies with This Resource and Action |
| --- | --- | --- |
| AzureAD User | Add | An administrator adds a user to the directory. This can be a new user in your organization, a user with an existing Microsoft account, or a user in another Azure AD directory that this administrator manages. |
| AzureAD User | Delete | An administrator deletes a user from the directory. |
| AzureAD User | Update | An administrator updates a user in the directory. The Azure AD logs should show the attributes that were updated. |
| AzureAD User | Reset user password | An administrator resets the password for a user in the directory. |
| AzureAD User | Change user password | An administrator changes the password for a user in the directory. |
| AzureAD User | Set force change user password | An administrator sets the property that forces a user to change his or her password on login. |
| AzureAD User | Set license properties | An administrator sets the license properties for a user in the directory. |
| AzureAD User | Change user license | An administrator changes the license assigned to a user in the directory. To see what licenses were updated, look in the Azure AD logs for an "Update user" event immediately before or after this event. |
| AzureAD Authentication | Failed login | User login failed. |
| AzureAD Authentication | Login | User logged in successfully. |
| AzureAD Group | Add group | An administrator creates a group in the directory. This event is of interest for groups with special privileges. |
| AzureAD Group | Update group | An administrator updates a group in the directory. This event is of interest for groups with special privileges. |
| AzureAD Group | Delete group | An administrator deletes a group from the directory. This event is of interest for groups with special privileges. |
| AzureAD Group | Add member to group | An administrator adds a member to a group in the directory. This event is of interest for groups with special privileges. |
| AzureAD Group | Remove member from group | An administrator removes a member from a group in the directory. This event is of interest for groups with special privileges. |
| AzureAD Role Events | Add role member | An administrator adds a user to a directory role (a set of permissions). This can be a sensitive operation if the role is highly privileged. |
| AzureAD Role Events | Remove role member | An administrator removes a user from a directory role (a set of permissions). This can be a sensitive operation if the role is highly privileged. |
| AzureAD Role Events | Set company contact information | An administrator sets company-level contact preferences, including email addresses for marketing and technical notifications about Microsoft Online Services. |
| Directory | Set federation settings on domain | Update the federation settings for a domain. |
| Directory | Verify domain | Verify a domain in the directory. |
| Directory | Verify email domain | Do email verification of a domain in the directory. |
| Directory | Set DirSyncEnabled flag on company | Set the property that enables a directory for Azure AD Sync. |
| Directory | Set Password Policy | Set length and character constraints for user passwords. |
| Directory | Set Company Information | Update company-level information. See the Get-MsolCompanyInformation PowerShell cmdlet for more information. |

Creating Alerts for Azure AD Application and Directory Management

Create a policy that generates an alert for unwarranted actions related to sensitive files and folders.

You can create policies for actions related to application and directory management in Office 365 Azure AD (for example, when someone creates a self-service tenant from a domain that you want to exclude from membership).

For instructions about how to create a policy alert, see the topics for Creating Policy Alerts for Office 365 Exchange Online.

Here are the resources and actions for Azure AD that you can make the target of a policy.

| Resource | Action/Event Name | Trigger for Policies with This Resource and Action |
| --- | --- | --- |
| AzureAD Application Events | Add service principal | An administrator adds a service principal to the directory. A Service Principal can be tied to an application (often, the application is single sign-on). A Service Principal grants the application access to resources in the directory. |
| AzureAD Application Events | Remove service principal | An administrator removes a service principal from the directory. |
| AzureAD Application Events | Add service principal credentials | An administrator adds authentication credentials to a service principal. After adding an application, an administrator can add a Service Principal that is tied to the application. Often, the purpose of the application is single sign-on. Adding a Service Principal grants the application access to resources in the directory. |
| AzureAD Application Events | Remove service principal credentials | An administrator removes authentication credentials for a service principal. |
| AzureAD Application Events | Add delegation entry | An administrator creates an OAuth2PermissionGrant in the directory to show the resources that each client may access and the permission level for each resource. |
| AzureAD Application Events | Set delegation entry | An administrator updates an OAuth2PermissionGrant in the directory. |
| AzureAD Application Events | Remove delegation entry | An administrator deletes an OAuth2PermissionGrant in the directory. The oauth2PermissionGrants show the resources that each client may access and the permission level for each resource. |

Can Azure Monitor send alerts to Azure Active Directory security groups?
Some of the key takeaways about Azure Monitor for your AZ-900 exam are that you can send alerts to Azure Active Directory groups and users, and that Azure Monitor can trigger alerts based on data in an Azure Log Analytics workspace.

Can Azure Monitor send alerts?
Alerts help you detect and address issues before users notice them by proactively notifying you when Azure Monitor data indicates that there may be a problem with your infrastructure or application. You can alert on any metric or log data source in the Azure Monitor data platform.

Can Azure Monitor trigger alerts based on data in an Azure Log Analytics workspace?
Azure Monitor uses Target Resource, which is the scope and signals available for alerting. A target can be any Azure resource. Example targets: a virtual machine, a storage account, a virtual machine scale set, a Log Analytics workspace, or an Application Insights resource.

What data does Azure Monitor collect?
Azure Monitor collects data from various sources including logs and metrics from Azure platform and resources, custom applications, and agents running on virtual machines.
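
The event tables earlier on this page say that role and group events matter most when the role or group is privileged, and that the detail of a "Change user license" event sits in an "Update user" event immediately before or after it. The sketch below applies both rules to exported events; it is an added example, not Oracle CASB or Microsoft code, and the field names (`time`, `action`, `target`, `role`, `group`, `changes`), the watch lists, the 60-second window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed watch lists: substitute the roles and groups that are privileged in your tenant.
PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator"}
PRIVILEGED_GROUPS = {"Tier0-Admins"}  # hypothetical group name
ROLE_ACTIONS = {"Add role member", "Remove role member"}
GROUP_ACTIONS = {"Add group", "Update group", "Delete group",
                 "Add member to group", "Remove member from group"}

def triage(events, window=timedelta(seconds=60)):
    """Return (time, action, detail) tuples for events that deserve an alert."""
    events = sorted(events, key=lambda e: e["time"])
    alerts = []
    for e in events:
        action, target = e["action"], e.get("target", "")
        if action in ROLE_ACTIONS and e.get("role") in PRIVILEGED_ROLES:
            alerts.append((e["time"], action, f"{target} / {e['role']}"))
        elif action in GROUP_ACTIONS and e.get("group") in PRIVILEGED_GROUPS:
            alerts.append((e["time"], action, f"{target} / {e['group']}"))
        elif action == "Change user license":
            # The licence detail lives in an "Update user" event for the same
            # user immediately before or after this one; pick the closest.
            near = [u for u in events
                    if u["action"] == "Update user" and u.get("target") == target
                    and abs(u["time"] - e["time"]) <= window]
            near.sort(key=lambda u: abs(u["time"] - e["time"]))
            detail = near[0].get("changes", "") if near else "no adjacent Update user event"
            alerts.append((e["time"], action, f"{target}: {detail}"))
    return alerts

def ev(ts, action, **fields):
    """Build one constructed event; timestamps are ISO 8601 strings."""
    return {"time": datetime.fromisoformat(ts), "action": action, **fields}

# Constructed sample events, not real audit data.
SAMPLE_EVENTS = [
    ev("2024-01-10T09:00:00", "Add role member", target="alice", role="Global Administrator"),
    ev("2024-01-10T09:01:00", "Add role member", target="bob", role="Directory Readers"),
    ev("2024-01-10T09:05:02", "Update user", target="carol", changes="AssignedLicense: E3 -> E5"),
    ev("2024-01-10T09:05:00", "Change user license", target="carol"),
    ev("2024-01-10T09:10:00", "Remove member from group", target="eve", group="Tier0-Admins"),
    ev("2024-01-10T09:30:00", "Change user license", target="dave"),
    ev("2024-01-10T10:30:00", "Update user", target="dave", changes="Department"),
]

if __name__ == "__main__":
    for when, action, detail in triage(SAMPLE_EVENTS):
        print(when.isoformat(), action, detail)
```

A license change with no adjacent "Update user" event is still reported, so the missing detail is visible to the analyst rather than silently dropped.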