Microsoft Graph activity logs is now generally available

Microsoft Graph Activity Logs

Microsoft Graph activity logs provide an essential tool for administrators and security professionals to gain insights into the interactions with Microsoft Graph services within their environment. By offering detailed information about HTTP requests made to the Microsoft Graph, these logs are a key resource for enhancing security measures and ensuring the smooth operation of applications relying on Microsoft services. The logs enable users to conduct in-depth security analysis, pursue proactive threat hunting, and monitor application activities, thus playing a crucial role in safeguarding against security threats and attacks.

Some common use cases include:

• Identifying the activities that a compromised user account conducted in your tenant.
• Building detections and behavioral analysis to identify suspicious or anomalous use of Microsoft Graph APIs, such as an application enumerating all users, or making probing requests with many 403 errors.
• Investigating unexpected or unnecessarily privileged assignments of application permissions.
• Identifying problematic or unexpected behaviors for client applications, such as extreme call volumes that cause throttling for the tenant.

Furthermore, the availability of these logs supports compliance with security policies and regulations by allowing the tracking of suspicious activities, potential security breaches, and unusual application behaviors. With the addition of log transformation and cost-reducing capabilities, Microsoft has made it easier and more affordable for organizations to integrate these logs into their security and monitoring frameworks. The ability to combine Microsoft Graph activity logs with sign-in and audit logs provides a holistic view of tenant activities, making it a valuable asset for administrators aiming to maintain a secure and efficient IT environment.

Read the full article Microsoft Graph activity logs is now generally available

People also ask

How do I enable activity log in Azure?

Enabling activity log insights can be done at both the resource group and subscription levels to allow for a detailed view of activities.

Where are Azure activity logs stored?

In Azure, activity logs are captured and stored within a Log Analytics workspace, specifically in a table named AzureActivity. This data can be retrieved through the execution of log queries within Log Analytics.

How do I access Azure logs?

To access Azure logs, navigate to the Identity > Monitoring & health > Diagnostic settings section. From there, you can select the logs you wish to stream, opt for the Stream to an event hub, and fill in the necessary fields. Guidelines on ingesting data from Azure Event Hubs into third-party tools are typically provided by the independent security vendor.

What is an activity log?

An activity log, also known as Activity Diary or Job Activity Log, serves as a detailed written record capturing how one's time is spent throughout the day. Maintaining an activity log for a few days can help in gaining an accurate understanding of daily time investment and activities.

Keywords

Microsoft Graph, activity logs, generally available, Graph API, Microsoft 365, API access, integration, real-time monitoring