Microsoft Entra (formerly Azure Active Directory) is not configured to send logs to Log Analytics.

  • This topic is empty.
  • Post
    • December 12, 2024 at 10:23 pm
    Weekend Wiki
    Keymaster
    The error message you’re encountering indicates that Microsoft Entra (formerly Azure Active Directory) is not configured to send logs to Log Analytics. This is essential for centralizing log management and monitoring in Azure. Here’s how you can enable it:

    1. Prerequisites

    • You need the following roles:
      • Global Administrator or Privileged Role Administrator in your tenant.
    • Access to an existing Log Analytics Workspace or the ability to create one.

    2. Steps to Enable Log Analytics Integration

    Step 1: Access Diagnostic Settings

    1. Go to the Azure Portal: https://portal.azure.com.
    2. Navigate to Microsoft Entra ID (Azure Active Directory).
    3. Under the Monitoring section, select Diagnostic settings.

    Step 2: Configure a New Diagnostic Setting

    1. Click + Add diagnostic setting.
    2. Provide a name for the diagnostic setting (e.g., “SendToLogAnalytics”).
    3. Select the Log Analytics workspace where you want to send the logs. If you don’t have one, you’ll need to create a new workspace:
      • Navigate to Log Analytics Workspaces in the Azure Portal.
      • Click + Create, provide a name, region, and resource group, then click Review + Create.

    Step 3: Choose Log Categories

    1. Under “Log” in the diagnostic settings, select the categories you want to send:
      • Sign-in logs
      • Audit logs
      • Provisioning logs
    2. (Optional) Enable Metrics to send usage data.

    Step 4: Save the Configuration

    1. Once you’ve selected the workspace and log categories, click Save.

    3. Verify the Logs in Log Analytics

    1. Go to your Log Analytics Workspace in the Azure Portal.
    2. Open the Logs tab and query for Entra logs, such as: 
      AzureDiagnostics 
| where Category == "AuditLogs" or Category == "SignInLogs"

    4. (Optional) Configure Alerts

    • Set up alerts in Azure Monitor for specific log events by creating Alert Rules in the Log Analytics workspace.

    If you encounter issues, let me know, and I can guide you through troubleshooting! For consulting email at [email protected]

  • You must be logged in to reply to this topic.
en_USEnglish
arArabic en_USEnglish