This week I was surprised to figure out that elevation logs that indicate a Global Admin becoming a User Access Administrator don’t flow to Log Analytics. It’s not possible to enable diagnostics settings for it. TL;DR I built a Logic App that forwards those logs to Log Analytics so I can have Analytic rules in…