Introduction

Managing the security of your organization's Microsoft Entra instance and its associated resources and data is a perpetual battle. Sometimes, an organization doesn't discover a breach until hours or days after the event. Microsoft Azure provides enhanced monitoring throughout your network. Your organization can use Azure to rapidly respond to suspicious user behavior, help prevent unauthorized access to your resources, and help prevent potential data loss.

Imagine that you work for an organization that has recently begun to integrate its user identities with Microsoft Entra ID. A recent incident with compromised identities led to exposed customer data. The organization's security team wants to ensure that proper reporting and monitoring are in place. You need to demonstrate the reporting and monitoring capabilities of Azure and show how Microsoft Entra ID can alert your organization to perceived security events.

A Log Analytics workspace is a feature of Azure Monitor. In this module, you'll learn how to set up a Log Analytics workspace to process your Microsoft Entra activity and sign-in logs. You'll use your Log Analytics workspace to set up security event alerts. Then, you'll see how to create a dashboard that helps improve your ability to respond to incidents.

Learning objectives

In this module, you will:

  • Store Azure audit logs and sign-in activity logs in a Log Analytics workspace.
  • Create alerts for security events in a Log Analytics workspace.
  • Create and view dashboards to support improved monitoring.

Prerequisites

  • Familiarity with Microsoft Entra ID
  • Familiarity with Log Analytics workspaces