SC-300 - Plan and Automate Identity Governance - Section 4.6
Monitor identity activity using sign-in and audit logs, diagnostic settings, KQL, workbooks, and Identity Secure Score.
Stream sign-in, audit, and provisioning logs to Log Analytics workspaces via diagnostic settings and write KQL queries to surface patterns in identity activity. Interpret workbooks and reports, act on Identity Secure Score recommendations, and recognise which log type contains evidence for a given investigation.
sign-in, audit, and provisioning logsdiagnostic settingsLog Analytics workspacesKQL queriesworkbooks and reportsIdentity Secure Score
More in this domain
Back to all Plan and Automate Identity Governance objectives, or the SC-300 cert hub.
Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.