Expose AzureAD PIM Alerts via an API
AzureAD (AAD) PIM generates alerts when there is suspicious or unsafe activity in the environment. When an AAD PIM alert is triggered, it shows up on the PIM dashboard. We would like for the PIM alerts to be exposed via an API so that we can integrate these alerts with our SIEM solution.
Christopher Brumm commented
Events in the audit log would help too.
Any approach more structured than email would be highly appreciated to deal with IDP alerts outside of the IDP console (e.g. messaging queue, API access, whatever just not only email)
Any updates on this idea ?