question

0 Votes
AshutoshJoshi-8507 asked Dev073 answered

Creating an alert for blocked login account in Azure AD

Hello Team,

I wanted to create an alert for blocked login accounts in Azure AD from sign-in logs but am not able to find the required query. If I find one, then the alert throws errors when I configure it myself, saying it is not a valid query. Can you please provide the required query or point me in a direction where I can find it? Looking forward to hearing from you,

Thanks !!!

azure-ad-sign-in-logs

1 Answer

0 Votes
Dev073 answered

Hi Ashutosh,

For more granular hunting queries for Azure AD logs, I would recommend leveraging Azure Sentinel, which is the SIEM and SOAR tool offered by Microsoft Azure. This can give you lots of built-in capabilities for security monitoring of Azure sign-ins, along with many other integrations.

With respect to blocked sign-ins, let me also try the custom query in my lab and update you.
