Integrating the Entra-ID Governance logs with Sentinel

Mahmoud Farag 0 Reputation points
2025-08-22T14:58:44.36+00:00

Hello Team,

I am currently working on a project where we are implementing all the features of Entra Governance, and since we use Sentinel as our SIEM in the same sub, we are wondering if there is a way to push the Entra Governance logs (the activity ones for access reviews, access packages, and so on, including the reports) into Sentinel.

I am not able to find any OOF-connector, which is sort of expected, so is there an alternative such as APIs, or maybe an Azure Function or a custom connector, to achieve this?

Thanks,

Microsoft Security | Microsoft Entra | Other

1 answer

  1. Vasil Michev 121.4K Reputation points MVP Volunteer Moderator
    2025-08-28T06:57:59.4333333+00:00

    Entra Governance logs are part of the Entra ID audit log datamart, and that can be integrated with Sentinel as detailed here: https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory

    In general, you can configure the export process via Diagnostic settings as detailed for example here: https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-logs-and-reporting

    But in the case of Sentinel, you have an easier approach, as per the first article.
