提醒高特权帐户登录 [英] alerting on highly privileged account sign-in
问题描述
有什么方法可以建立搜索查询来跟踪只有云的高特权帐户登录(例如,分配了天蓝色全局管理员角色的用户等
Hi all, is there any way to build search query to track highly privileged cloud only account sign-in (like users with azure global administrator role assigned to him etc
提前谢谢
推荐答案
开箱即用,我认为这是不可能的.另外,我假设您是指将Azure AD登录日志发送到Log Analytics的功能.
Out of the box I do not think this is possible. Also I am assuming you are referring to the feature of sending Azure AD sign-in logs to Log Analytics.
我认为关闭解决方法是使某些自动化(逻辑应用程序,功能,自动化运行手册)以一定间隔运行,并将这些帐户的ID作为数据插入Log Analytics或Function中.这样,您就可以进行低谷的查询 提醒您的请求的数据或功能.
The closes workaround I think is to have some automation (logic app, function, automation runbook) that runs at certain interval and inserts the IDs of those accounts as data in Log Analytics or as a Function. That way you can have a query that goes trough that data or function that alerts on the request you have.
如果此回复有助于将其标记为答案.
If this reply helps mark it as answer.
这篇关于提醒高特权帐户登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!