
Use Entra ID logs to detect malicious authentication and privilege changes.

The Entra ID brand has replaced the Azure Active Directory brand.

To collect Microsoft Entra ID logs, stream the logs to an Event Hub and use the Azure Event Hub collector.

Example tables

| Table | Description |
|---|---|
| cloud.azure.ad.* | Entra ID identity and access management logs. |
| cloud.azure.ad.signin_all | This union table combines all the different Entra ID authentication logs. |
| auth.all | Authentication logs, including Entra ID. |
