You're reading from Microsoft Identity and Access Administrator Exam Guide

Product type: Book
Published in: Mar 2022
Reading level: Beginner
Publisher: Packt
ISBN-13: 9781801818049
Edition: 1st Edition
Author: Dwayne Natwick

Dwayne Natwick is a Cloud Training Architect Lead at Opsgility, a Microsoft CSP. He has been in IT, security design, and architecture for over 30 years. His love of teaching led him to become a Microsoft Certified Trainer (MCT) Regional Lead and a Microsoft Most Valuable Professional (MVP). Dwayne has a master’s degree in Business IT from Walsh College, the CISSP from ISC2, and 18 Microsoft certifications, including Identity and Access Administrator, Azure Security Engineer, and Microsoft 365 Security Administrator. Dwayne can be found providing and sharing information on social media, industry conferences, his blog site, and his YouTube channel. Originally from Maryland, Dwayne currently resides in Michigan with his wife and three children.

Chapter 15: Enabling and Integrating Azure AD Logs with SIEM Solutions

The previous chapter covered how to analyze, review, and investigate our logs and events to protect against risky sign-ins and elevated-risk users. This included creating reports and reviewing insights for user activity to recognize potential vulnerabilities and alert against possible threats. In this chapter, we will discuss how to integrate and enable the use of these logs with Microsoft Sentinel or a third-party security incident and event management (SIEM) solution. This will include how to use Log Analytics with Kusto queries to review activity in Microsoft Sentinel.

In this chapter, we're going to cover the following main topics:

  • Enabling and integrating Azure AD diagnostic logs with Log Analytics and Microsoft Sentinel
  • Exporting sign-in and audit logs to a third-party SIEM
  • Reviewing Azure AD activity by using Log Analytics and Microsoft Sentinel

Technical requirements

In this chapter, we will continue to explore configuring a tenant for use of Microsoft 365 and Azure. There will be exercises that will require access to Azure Active Directory (AD). If you have not yet created the trial licenses for Microsoft 365, please follow the directions provided in Chapter 1, Preparing for Your Microsoft Exam.

Enabling and integrating Azure AD diagnostic logs with Log Analytics and Microsoft Sentinel

In the previous chapter, we discussed how to access and use activity logs and audit logs to review user activity and filter that activity for monitoring, reporting, and managing potential vulnerabilities and threats. In this chapter, we will discuss how to bring this information into Microsoft Sentinel and third-party SIEM solutions, so that these logs are integrated in one location and security operations can be handled more efficiently.

This section will provide guidance on how to export logs to Microsoft Sentinel. The next section will discuss how to export logs to third-party security tools, if you are not utilizing Microsoft Sentinel. Let's start by explaining Microsoft Sentinel and what SIEM and security orchestration automated response (SOAR) solutions are.

A SIEM is a solution within a security operations center that gathers logs and events from various appliances and software...

Exporting sign-in and audit logs to a third-party SIEM

Azure Monitor is the Azure solution that most Azure services utilize for activity, event, and security logging. Azure AD, Azure Resource Manager, Azure Firewall, and Microsoft Defender for Cloud all utilize integration with Azure Monitor for monitoring and managing activity within Azure. The previous section discussed how to use and connect Microsoft Sentinel for monitoring, managing, and alerting on security activity based on these logs through Azure Monitor and Log Analytics. Companies that currently have a third-party SIEM and/or SOAR solution can also connect to Azure Monitor to monitor Azure AD activity. Azure Monitor routes the logs through Azure Event Hubs to deliver the log data to external applications.

More information on connecting Azure Monitor to third-party SIEM solutions for Azure AD logs can be found at this link: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-monitoring...

Reviewing Azure AD activity by using Log Analytics and Microsoft Sentinel

In this section, we will go through the step-by-step process of running a log query for Azure AD activity within Microsoft Sentinel. We will also step through how to review Azure AD workbooks and save the workbooks for monitoring, reviewing, and exporting:

  1. Navigate to your Microsoft Sentinel workspace from within portal.azure.com:

Figure 15.17 – Microsoft Sentinel workspace

  2. Select Logs under the General menu to access the Log Analytics workspace that is connected to Microsoft Sentinel. There is a video available here to provide an overview of Log Analytics. Select the X icon at the top right to close this video window:

Figure 15.18 – Microsoft Sentinel Logs screen

  3. A tile of common queries opens. Select the X icon on the right to close this tile:

Figure 15.19 – Common queries...
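Once the query editor is open, a Kusto query such as the following can be run to review Azure AD activity. This is an added example, not a query from the book; it assumes the Azure AD diagnostic setting is streaming sign-in and audit logs into this workspace (the SigninLogs and AuditLogs tables), and the failure threshold is a constructed value.

```kql
// Added example (not from the book): review Azure AD activity in the Log Analytics
// workspace behind Microsoft Sentinel. Assumes the Azure AD diagnostic setting sends
// SignInLogs and AuditLogs to this workspace (tables: SigninLogs, AuditLogs).
// Run each query separately by highlighting it and selecting Run.

// Query 1: users with repeated failed sign-ins in the last 24 hours.
// ResultType "0" is a successful sign-in; any other code is a failure
// (for example "50126" = invalid credentials, "50053" = account locked).
SigninLogs
| where TimeGenerated > ago(24h)
| where ResultType != "0"
| summarize
    Failures  = count(),
    SourceIPs = dcount(IPAddress),
    Apps      = make_set(AppDisplayName, 10),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated)
    by UserPrincipalName, ResultType, ResultDescription
| where Failures >= 5            // constructed threshold; tune for your tenant
| order by Failures desc

// Query 2: directory role assignments in the last 7 days, with who made the change.
// InitiatedBy and TargetResources are dynamic (JSON) columns, so fields are cast
// with tostring(); the Role.DisplayName property name is assumed from the audit schema.
AuditLogs
| where TimeGenerated > ago(7d)
| where Category == "RoleManagement"
| where OperationName startswith "Add member to role"
| extend Actor  = tostring(InitiatedBy.user.userPrincipalName)
| extend Target = tostring(TargetResources[0].userPrincipalName)
| mv-expand Prop = TargetResources[0].modifiedProperties
| where tostring(Prop.displayName) == "Role.DisplayName"
| extend Role = trim('"', tostring(Prop.newValue))   // newValue is a JSON-encoded string
| project TimeGenerated, Actor, Target, Role, Result
| order by TimeGenerated desc
```

Either query can be saved from the query editor or pinned to a workbook for the monitoring and review steps that follow.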

Summary

In this chapter, we covered the integration of Azure Monitor with Microsoft Sentinel and other third-party SIEM and SOAR solutions. This included the configuration and setup of Microsoft Sentinel. Microsoft has provided the capability to integrate Azure Monitor with popular third-party SIEM and SOAR solutions, and we provided solutions and links to help with the integration process. The final section of the chapter provided steps to run Kusto queries with Log Analytics to review Azure AD activity, along with Azure AD workbooks for monitoring Azure AD activity.

The next chapter will provide practice questions to help you in your final preparation for the Identity and Access Administrator Associate exam.
