Azure AD activity logs now integrated with Log Analytics in Azure Monitor

@20aman    Jul 25, 2019

I believe that there should be a single-pane-of-glass approach to monitoring in Microsoft Azure, where you can monitor different aspects of Azure in one place. Microsoft's latest logs integration is a step forward towards this vision. Azure AD activity logs are now integrated with the Diagnostics Logs for Azure Monitor and with Log Analytics in Azure Monitor. These Azure AD logs can now also be retained for the long term by leveraging Azure Storage accounts.

One side benefit is that these logs can now be sent to any third-party SIEM tool as well.

To get started with this service, simply navigate to your Azure Active Directory and then scroll all the way down to Diagnostic settings. Click on "+Add Diagnostic Setting" to get started.

Azure AD Diagnostic Settings

Select the "Audit logs" log type, choose "Send to Log Analytics" as the destination, and configure your workspace. Save your settings.

Integration with Log Analytics

Now the Azure AD logs will start appearing in the Log Analytics workspace. You can query and analyze this data in various ways.
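As an added example (not part of the original post), the query below reviews directory role changes once audit logs reach the workspace. It assumes the standard `AuditLogs` table and columns that Log Analytics populates for Azure AD audit logs, and a 7-day window chosen for illustration.

```kusto
// Added example: who changed directory role assignments in the last 7 days.
// Assumes the AuditLogs table created by the "Audit logs" diagnostic setting.
AuditLogs
| where TimeGenerated > ago(7d)
| where Category == "RoleManagement"
// The initiator is either a user or an application (service principal).
| extend ActorUser = tostring(InitiatedBy.user.userPrincipalName),
         ActorApp  = tostring(InitiatedBy.app.displayName)
| extend Actor = iff(isnotempty(ActorUser), ActorUser, ActorApp)
// The first target resource is the object the operation acted on.
| extend TargetUpn  = tostring(TargetResources[0].userPrincipalName),
         TargetName = tostring(TargetResources[0].displayName)
| extend Target = iff(isnotempty(TargetUpn), TargetUpn, TargetName)
| project TimeGenerated, OperationName, Result, Actor, Target, CorrelationId
| order by TimeGenerated desc
```

Replacing the final two lines with `| summarize Changes = count() by Actor, OperationName` gives a per-initiator overview instead of an event list.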

For more information check this official blog on this functionality in detail:
