Feed Operations Manager Suite with Azure Active Directory Security logs
It would be nice to have the Azure Active Directory Security logs in the Operations Manager Suite. To track events and display them in dashboards or just query them.
There already is a Azure possibility to see Azure Active Directory Reports. It would be nice to have this data in OMS.
Could this be expanded to enable an administrator to configure event log forwarding to one or more destinations?
Dhanyah Krishnamoorthy commented
This is in Public preview now. you can get Azure AD logs in Log Analytics. Check out the https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-activity-logs-azure-monitor for more info
Daniele commented · Just Now · Delete
While at it add support for Azure AD Privileged Identity Management audits logs. Audits logs are at the heart of any forensic analysis, OI must become the single stop for all these logs and Azure AD is gaining momentum at an incredible pace.
The business benefit of the "cloud" is that it makes available higher functioning services to medium-small concerns, i.e. doesn't require significant capital investments. Given the nature of this request, it helps the medium-small to monetize this data quickly and have access to higher functioning security services than a simple data feed alone can provide. An Intelligence Pack that delivers initial value with tooling would be great, and it very well could be something our EPG customer would leverage as they set a strategy for SIEM-like capabilities.
Would also add that in addition to Azure AD/Premium reports, it would be nice to have the Advanced Threat Analytics alerts be reported in OMS as well. Any timeline on when the reporting might be available in OMS? Sometime in FY16 or beyond?