I am trying to write a script we can use company-wide, across all our Azure accounts, to properly configure all the audit logging for centralized monitoring. I am struggling, however, to figure out how to script configuring Active Directory audit logs to go into an event hub.
I have been able to script this for logs related to a subscription and all associated resources, and I know how to do the AD portion via the portal, but I cannot find any way using Azure CLI or PowerShell to do this for AD logs.
Specifically, I want to be able to script configuration so that things like user and group creation are also forwarded to an event hub.