Azure Sentinel News
  • Home
  • Security and Compliance
  • MSSP
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
  • Home
  • Security and Compliance
  • MSSP
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
Azure Sentinel News
No Result
View All Result
Home Security Operations

Azure Active Directory SigninLogs Still Requires a License to Stream to Azure Sentinel

Azure Sentinel News Editor by Azure Sentinel News Editor
March 18, 2021
in Security Operations
0
Microsoft brings endpoint & Azure security under Microsoft Defender
5.4kViews
646 Shares Share on Facebook Share on Twitter

In Azure Sentinel can now Analyze All Available Azure Active Directory Log Files, I noted that…

Additionally, you may also notice that there is no longer need for any kind of AAD license (P1/P2) for Sentinel customers to stream AAD logs.

I found out just recently that this isn’t entirely true. I was correct initially, and the original intention was to ensure that no license at all would be needed for any of the Azure Active Directory logs, but there was a miscommunication (or non-communication, as it turns out). No need to go into details, but here’s the scoop…

Enabling the Azure Active Directory Data Connector for Azure Sentinel, effectively just creates a Diagnostic Setting for the AAD service so that the available logs stream directly into the Log Analytics workspace for Azure Sentinel. These logs includes those shown in the next image.

However, when you go into the actual Diagnostic Setting that is created (shown in the next image) you see something that the Azure Sentinel Data Connector doesn’t communicate – the SigninLogs still needs at least a P1 license.

The only log that requires a license is the SigninLogs.

Our documentation will be updated soon to reflect this. There’s hope that this will change in the near future.

P.S. This is something managed by the Azure AD team.

Extra: Did you know that each Azure service has a limitation of 5 Diagnostic Settings that can be created?

Reference: https://azurecloudai.blog/2021/03/17/azure-active-directory-signinlogs-still-requires-a-license-to-stream-to-azure-sentinel/

Tags: Azure Active DirectoryAzure Sentinel
Azure Sentinel News Editor

Azure Sentinel News Editor

Related Posts

Microsoft is quietly becoming a cybersecurity powerhouse
Security Operations

Experience Azure Sentinel with Our New Interactive Learn Guide

April 16, 2021
Microsoft Acquires CyberX to Improve Azure IoT Security
Security Operations

Omdia Research Spotlight: XDR

April 14, 2021
Microsoft announces security, identity, management, and compliance updates across Azure and Office
Security Operations

Worth knowing: Multiple Execution Failures Force Azure Sentinel Analytics Rules to Auto-disable

April 13, 2021
Next Post
Open Systems Augments its Cybersecurity Capabilities With Acquisition of Leading Microsoft Azure Sentinel Expert

You Can Now Print Your Azure Sentinel Workbooks

Wipro Announces Advanced Cloud SOC Service Powered by Microsoft Azure Sentinel

How to Configure the Azure Sentinel Logs Blade to Run a D

After Partner Feedback, Microsoft Releases Azure Sentinel SIEM Service

MSSP Tiberium Unveils Microsoft Azure Sentinel SIEM, Defender Services

Follow Us

  • 22M Fans
  • 85 Followers

Recommended

Alcide Joins Microsoft Intelligent Security Association (MISA) and integrates their Kubernetes security, Alcide kAudit, with Microsoft Azure Sentinel

Alcide Joins Microsoft Intelligent Security Association (MISA) and integrates their Kubernetes security, Alcide kAudit, with Microsoft Azure Sentinel

5 months ago
RiskIQ Joins Microsoft Intelligent Security Association

Using Microsoft To-do as a Simple Ticketing System for Azure Sentinel

4 months ago
With new release, CrowdStrike targets Google Cloud, Azure and container adopters

How to Setup a Managed Identity for the Azure Sentinel Logic App Connector

3 months ago
What’s new: Microsoft 365 Defender connector now in Public Preview for Azure Sentinel

What’s new: Microsoft 365 Defender connector now in Public Preview for Azure Sentinel

7 months ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • MSSP
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SENTINEL
  • SIEM
  • SOAR
  • Threat Intelligence

Topics

analytics anomaly automation Azure Azure DevOps Azure Security Center Azure Sentinel Azure Sentinel API Azure Sentinel Connector BlueVoyant Call cybersecurity Data Connectors Detection file GitHub Hunting Huntingy IAC incident response Incident Triage infrastructure as code Investigation jupyter LAQueryLogs Microsoft microsoft 365 mssp Multitenancy Notebooks Pester Playbooks PowerShell python Records Security Sentinel Sharing SIEM signin Supply Chain teams Threat hunting Watchlists Workbooks
No Result
View All Result

Highlights

Experience Azure Sentinel with Our New Interactive Learn Guide

How to Use Microsoft Teams as a Frontend to Azure Sentinel

3 basic cybersecurity measures to protect MSP businesses

Microsoft buying speech recognition firm Nuance in $16 billion deal

Omdia Research Spotlight: XDR

Google Releases Monitoring Query Language for Cloud Monitoring into General Availability

Trending

CRITICALSTART Adds Support for Microsoft Azure Sentinel to MDR Services
SENTINEL

Stream Analytics Software Market 2021 Strategic Assessment-IBM, AWS, TIBCO, Vitria, SQLstream, Microsoft Azure

by Azure Sentinel News Editor
April 19, 2021
0

By  tanmay and Azure Sentinel News Covid-19 Impact On Global Stream Analytics Software Market Size, Status And...

Microsoft Acquires CyberX to Improve Azure IoT Security

Illusive Collaborates with Microsoft on Active Defense Solution with Microsoft Defender for Endpoint to Combat Advanced Human-Operated Attacks

April 16, 2021

Detecting the “Next” SolarWinds-Style Cyber Attack

April 16, 2021
Microsoft is quietly becoming a cybersecurity powerhouse

Experience Azure Sentinel with Our New Interactive Learn Guide

April 16, 2021
Vectra AI and Microsoft partner on security integration

How to Use Microsoft Teams as a Frontend to Azure Sentinel

April 16, 2021

We bring you the best, latest and perfect Azure Sentinel News, Magazine, Personal Blogs, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • Stream Analytics Software Market 2021 Strategic Assessment-IBM, AWS, TIBCO, Vitria, SQLstream, Microsoft Azure April 19, 2021
  • Illusive Collaborates with Microsoft on Active Defense Solution with Microsoft Defender for Endpoint to Combat Advanced Human-Operated Attacks April 16, 2021
  • Detecting the “Next” SolarWinds-Style Cyber Attack April 16, 2021

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • MSSP
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SENTINEL
  • SIEM
  • SOAR
  • Threat Intelligence

[mc4wp_form]

Copyright © 2020 - Azure Sentinel News

No Result
View All Result
  • Home
  • Security and Compliance
  • MSSP
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence

Copyright © 2020 Azure Sentinel News