Enabling Logs for Log Analytics Workspace
Last updated
Last updated
Overview:
The following section ensures that you have logging enabled within your storage account, key vault, Entra, and Resource Graph.
The following section shows how to enable Entra ID Logging:
Note that Identity based protection logs were omitted as they require a P2 license. These include logs like riskyusers, userriskevents, and serviceprincipalriskevents. This was done in order to reduce lab costs. You can simply get them enabled by purchasing a P2 licensing.
Terraform has already deployed the associated logs but here are instructions on how to do it in the portal.
Name the Diagnostic Setting as 'sec-lab' forwarding to 'sec-lab-logs' configured with the associated blue check marks.
NSG flow logs were created as part of the Terraform code. As a heads up per Microsoft:
These logs are already deployed within the tenant.
This is currently in preview and can confirm that there is no Terraform Support at this time. Thus needs to be created via the portal.
On September 30, 2027, network security group (NSG) flow logs will be retired. As part of this retirement, you'll no longer be able to create new NSG flow logs starting June 30, 2025. We recommend to , which overcome the limitations of NSG flow logs.