question

KamalShalaby-990 avatar image
0 Votes"
KamalShalaby-990 asked JamesWestalll answered

Create Alert for any Security Group update

is there availability to Create Alert for any modification in any security groups in Azure AD

azure-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JamesWestalll avatar image
0 Votes"
JamesWestalll answered

Hey @KamalShalaby-990

The easiest way to do this would be to onboard Azure AD Audit logs to a log analytics workspace, and then build an alert rule based off this data.
Documentation on audit logs to Azure log analytics can be found here.

A starter query that will pull this information is:

AuditLogs | where OperationName == "Add member to group" or OperationName == "Remove member from group"

78273-image.png

Once you have tuned your KQL query to match the exact group you care about, you can configure an alert rule as per this documentation.



image.png (50.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.