Azure AD User Deletion and triggers - azure

I have a question around Azure AD user deletion.
We currently have an internal application in which we store employee information using their email ID.
When an employee leaves the company, their Azure AD account gets deleted by the admin team. But we are not informed of this deletion.
We are trying to figure out if there is an event or trigger in Azure AD that we can hook into when a user is deleted or their details are modified.
Has anyone had this issue, and found a way around it?
Help much appreciated.

As mentioned by Noahstahi, deletions are tracked in the Azure AD Audit logs.
You can route the logs to:
- An Azure storage account.
- An Azure event hub, so you can integrate with your Splunk and Sumologic instances.
- An Azure Log Analytics workspace, where you can analyze the data, create dashboards and alert on specific events.
Or else we can create a webhook for receiving "Delete" notifications when a user is deleted from Azure AD:
Set up notifications for changes in user data
Reference SO thread for using webhooks
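The webhook route above, worked through as an added example (not code from the answer or from Microsoft): building the Graph change-notification subscription for user deletions, answering the endpoint validation handshake, and checking the clientState before acting on a notification. The notification URL and the in-memory directory are assumptions standing in for the internal application.

```python
import json
import secrets
from datetime import datetime, timedelta, timezone

NOTIFICATION_URL = "https://example.invalid/graph/notifications"  # assumed endpoint

def build_subscription(client_state: str, hours: int = 24) -> dict:
    """Body for POST https://graph.microsoft.com/v1.0/subscriptions.
    changeType 'deleted' on resource 'users' covers account removal;
    clientState is a secret that Graph echoes back in every notification."""
    expires = datetime.now(timezone.utc) + timedelta(hours=hours)
    return {
        "changeType": "deleted",
        "notificationUrl": NOTIFICATION_URL,
        "resource": "users",
        "expirationDateTime": expires.strftime("%Y-%m-%dT%H:%M:%S.0000000Z"),
        "clientState": client_state,
    }

def handle_request(query: dict, body: str, client_state: str, directory: dict):
    """Process one POST from Graph; returns (http_status, response_body).
    directory maps user object id -> record, standing in for the app's DB."""
    # Endpoint validation: Graph sends ?validationToken=... and expects the
    # token echoed back as text/plain within 10 seconds.
    if "validationToken" in query:
        return 200, query["validationToken"]
    deactivated = []
    for item in json.loads(body).get("value", []):
        # The notificationUrl is reachable by anyone, so only act on items
        # carrying the clientState of our own subscription (constant-time compare).
        if not secrets.compare_digest(item.get("clientState", ""), client_state):
            continue
        if item.get("changeType") != "deleted":
            continue
        user_id = item["resourceData"]["id"]
        if user_id in directory:
            directory[user_id]["active"] = False  # disable rather than hard-delete
            deactivated.append(user_id)
    # Graph expects a 202 quickly; queue slow work instead of doing it inline.
    return 202, {"deactivated": deactivated}

# Constructed sample: one genuine notification and one with a wrong clientState.
SAMPLE_BODY = json.dumps({"value": [
    {"subscriptionId": "sub-1", "clientState": "s3cret", "changeType": "deleted",
     "resource": "Users/aaa-111", "resourceData": {"id": "aaa-111"}},
    {"subscriptionId": "sub-9", "clientState": "wrong", "changeType": "deleted",
     "resource": "Users/bbb-222", "resourceData": {"id": "bbb-222"}},
]})
```

Subscriptions expire, so a scheduled job must PATCH the expirationDateTime before it lapses or deletions will silently stop arriving.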

Related

No Event Grid events triggering when uploading files to Azure Blob Storage -- why?

I set up a simple scenario in Azure using a Storage Account, a Function App, and an Event Grid System Trigger. Blob uploads into the Storage Account should cause the Event Grid System Trigger to send a BlobCreated event to trigger the Azure Function.
I can see that the Event Grid System Topic appears to be configured for the correct storage account according to the overview page in the Azure Portal:
I have a subscription created for the Event Grid System Topic, and it subscribes to all of the events the storage account can generate as I can see in the Azure Portal. This shows all 6 event types enabled, so I'm not filtering them out.
Despite this, when I upload blobs into a container I created in my storage account and watch for the events to show up in the metrics on my Event Grid System Topic, or see my Azure Function trigger, no events appear to ever be generated. Some interesting points about my storage account which may be worth mentioning are:
I am using a premium storage account
I am using a private vnet for my storage account
I suspected the network, but to rule that out I changed my storage account back to public and tried again but it didn't change the behavior. From everything I can tell from documentation, this should be working. Any ideas why it isn't?
I work at MS in the SDK team, and I reached out to an EventGrid team member directly for an opinion:
I looked into our service logs for the last two weeks and I could not find any events for this topic/event-subscription.
Can you please provide the specific time and region when you are uploading/deleting/editing the blobs to help investigating? Also, is this specific to this storage account? Was this working before, or is this scenario working for other storage accounts? Can you please open a support ticket to handle this properly.
Thanks! If in any doubt on the process, feel free to reply to me; we'll monitor this thread.
[Edit: more info from Storage team]
We communicated with Azure Storage team and they confirmed that the behavior as described is by design and expected. Here are some additional details from Azure Storage Team:
The issue is that the customer is using a Premium_LRS StorageV2 account. These accounts only support premium page blobs and premium disks.
If the customer wants to store block blobs in the premium tier, they need to create a BlockBlobStorage account.
See subscript 5 in this table:
https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview

Azure Activity Log alert or notification on a Subscription

I am an admin of a subscription along with some other people.
In Azure, is it possible to create alerts (using Activity Logs) on my subscription to notify me if someone adds, modifies or deletes any resource?
I know that I can add alerts on individual resources, but I want to add an alert at the subscription level.
Yes, you can select a resource, resource group, or an entire subscription for activity log signal
We could create the alert with Azure portal and set Alert Target subscription.
For more information, please refer to Create, view, and manage activity log alerts using Azure Monitor.

Azure AD sync users to on premise AD

Is it possible to sync users from cloud Azure Active Directory to on-premise AD? On-premise is a bit wrong here because it is actually a virtual network in Azure with a Windows Server virtual machine AD. I started with Azure AD and therefore all users are there, but I would like to sync them to this virtual machine AD in a virtual network in Azure. I tried Azure AD Connect, but this works to sync from on-premise to Azure AD. How can I do it the other way around?
Is it possible to sync users from cloud Azure Active Directory to on-premise AD?
For now, it is not possible.
Here is the feedback about it; maybe you can vote it up. That feedback will be monitored and reviewed by the Microsoft engineering teams.
As a workaround, we can use PowerShell to export Azure AD users' information to a local file, then use that file to create users in on-premise AD.
Here is a similar case to yours; please refer to it.
Hope this helps.
I have written a custom algorithm to do the process and it works for me so far, so good.
I would state the approach that I have followed. This process gets executed after the user logs in through Single Sign-On.
Step-by-step process to be followed once the user is validated with AD:
1. Fetch the user's manager chain for the user, with the Indian region filter, through the Graph API:
https://graph.microsoft.com/v1.0/users/${usermail}?$expand=manager($levels=max;
2. Convert the nested user-chain objects to an array of users.
3. Loop over the user array in reverse.
4. For every traversal, check if the user is present (match on Object ID).
5. If the user is present in the database:
a. Compare the user data with the OIDC ID.
b. On variance, call update() to keep the data in sync with the AD information.
6. If the user is not present in the DB:
a. Call insert() to insert the user data into the database.
Note:
I am calling this process every time a user logs in, and it is able to insert any new users or update the data in the database if it doesn't match AAD. This would be an efficient approach if the management chain is around 10. I couldn't find a way to do this anywhere else, so I came up with this process.
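The flatten-reverse-upsert procedure above, as an added example that is not the poster's code: a constructed stand-in for the nested `$expand=manager` response is flattened into a list, walked top-down, and upserted into a dict-backed store keyed on the immutable object id (so a mail change or a re-created account with the same address does not collide). The field set, store and sample data are assumptions.

```python
# Constructed stand-in for the JSON Graph returns for
# /users/{mail}?$expand=manager($levels=max): each 'manager' nests the next level.
SAMPLE_USER = {
    "id": "u3", "displayName": "Dev Three", "mail": "dev3@contoso.example",
    "manager": {
        "id": "u2", "displayName": "Lead Two", "mail": "lead2@contoso.example",
        "manager": {"id": "u1", "displayName": "Head One",
                    "mail": "head1@contoso.example"},
    },
}
FIELDS = ("displayName", "mail")  # attributes kept in sync with AAD (assumed set)

def flatten_chain(user: dict) -> list[dict]:
    """Nested manager objects -> [user, manager, manager's manager, ...]."""
    chain, node = [], user
    while node is not None:
        chain.append({k: node.get(k) for k in ("id",) + FIELDS})
        node = node.get("manager")
    return chain

def sync_chain(user: dict, db: dict[str, dict]) -> dict[str, list[str]]:
    """Walk the chain top-down (reverse order) and upsert by object id.
    Returns which ids were inserted and which were updated, for auditing."""
    result = {"inserted": [], "updated": []}
    for record in reversed(flatten_chain(user)):
        oid = record["id"]                   # Object ID, never the mail address
        current = db.get(oid)
        if current is None:
            db[oid] = dict(record)           # insert()
            result["inserted"].append(oid)
        elif any(current.get(k) != record[k] for k in FIELDS):
            current.update(record)           # update() only on variance
            result["updated"].append(oid)
    return result
```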

Azure native way to get notified of resource addition/modification

Actually, I am working on an event-based notification which will call a webhook or send an email in case a new resource gets added to my subscription. I could not find any Azure native service which will send me alerts/notifications in case a new resource gets added to my subscription. Using PowerShell we can keep polling the resource list and work around it, but if there is any native Azure service or function which can help me out, please inform me.
You can use the Azure activity log alerts to create a webhook/SMS/email notification. This allows you to create a direct avenue straight from the Azure tooling. You can also use a variety of other methods to monitor your Azure subscription, including Log Analytics (event-based logging, alerting and analytics) and App Insights (application logging and alerting).

How to track user activity like who is creating what resources on azure of a specific subscription?

In my company we have one Azure subscription, and there are two or three users who are added to the same subscription and have the right to create any resource on Azure.
Now, since three users are working on the same subscription and they are independently creating resources, I want to keep track of or see which user created what resource on the same subscription.
Please let me know if there is any way to see this tracking/activity detail corresponding to the user.
Currently all users have the administrator role/permission.
You are looking for the Activity Log:
The Azure Activity Log is a log that provides insight into the operations that were performed on resources in your subscription.
The Activity Log provides customers a Portal and REST API experience to see who performed what management operations (PUT/DELETE/POST) through Azure Resource Manager (ARM) for the past 90 days.
For anything older than 90 days, you have the option to archive the data to a storage account or stream the data to Event Hub if you would like to ingest this data into your own system.
The Activity Log data is also available through the Operations Management Suite:
http://www.deployazure.com/management/operations-management-suite/azure-activity-log-analytics-alerts-with-operations-management-suite/
