SIEM, Log Management, Security, Compliance, Server Monitoring and Uptime Monitoring Software

How to Download Azure Active Directory Audit Logs and Monitor Sign-In Events

October 14th, 2022

In this article I am going to show you how to schedule Azure Active Directory Audit Log entry downloads, save the downloaded log entries to an on-premise database, get notified when any user fails to login 3 times within 5 minutes then, finally, send an email notification that includes the user's name in the email subject with Corner Bowl Server Manager 2022.

Table of Contents

How to Schedule Azure AD Audit Log Downloads

Next, we need to download the latest entries so we can create a Failed Logon Monitor that is based off of a already existing failed logon log entry.

How to Configure the Azure AD Sign-Ins Failed Logon Monitor

To limit the log entries to failed logon events, we need to create and apply a Failed Logon Filter to the log monitor rule.

October 14th, 2022