Expose AzureAD PIM Alerts via an API
AzureAD (AAD) PIM generates alerts when there is suspicious or unsafe activity in the environment. When an AAD PIM alert is triggered, it shows up on the PIM dashboard. We would like for the PIM alerts to be exposed via an API so that we can integrate these alerts with our SIEM solution.
Sending alerts to O365 email groups is problematic; they generally don't get delivered for reasons unknown.
Try adding SMS provider email domains into those groups - those really don't work!
Would be nice to get some webhook functionality for Teams/Slack (outside of channel emails for the reasons mentioned above).
Christopher Brumm commented
Events in the audit log would help too.
Marcel Woesle commented
Any approach more structured than email would be highly appreciated to deal with IDP alerts outside of the IDP console (e.g. messaging queue, API access, whatever, just not only email).
Any updates on this idea?