提醒高特权帐户登录 [英] alerting on highly privileged account sign-in

问题描述

有什么方法可以建立搜索查询来跟踪只有云的高特权帐户登录(例如，分配了天蓝色全局管理员角色的用户等

Hi all, is there any way to build search query to track highly privileged cloud only account sign-in (like users with azure global administrator role assigned to him etc

提前谢谢

推荐答案

开箱即用，我认为这是不可能的.另外，我假设您是指将Azure AD登录日志发送到Log Analytics的功能.

Out of the box I do not think this is possible. Also I am assuming you are referring to the feature of sending Azure AD sign-in logs to Log Analytics.

我认为关闭解决方法是使某些自动化(逻辑应用程序，功能，自动化运行手册)以一定间隔运行，并将这些帐户的ID作为数据插入Log Analytics或Function中.这样，您就可以进行低谷的查询 提醒您的请求的数据或功能.

The closes workaround I think is to have some automation (logic app, function, automation runbook) that runs at certain interval and inserts the IDs of those accounts as data in Log Analytics or as a Function. That way you can have a query that goes trough that data or function that alerts on the request you have.

如果此回复有助于将其标记为答案.

If this reply helps mark it as answer.

这篇关于提醒高特权帐户登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！