Hello. I've been tasked with figuring out what security related events we're collecting in Azure Active Directory, then finding the difference between that and best practices. The goal being to pull those events to our external monitoring tool using the Graph API.
Is there a 'Best Practices' list of events for Azure AD?
It seems like I can only send certain event categories to a workspace for the API to pull from, is there no way to send specific events to a workspace?