12 - Log Analytics Workspace (LAW) + Azure Subscription + Entra ID Logs

IMPORTANT: Liaise with Stratus Cyber Team to perform this step and ensure your access is set up.

1. Create Azure Subscription

  1. Get Ajay to add a pay-as-you-go government subscription to the Azure tenant. He can do this by visiting portal.azure.us, logging in with his Global Admin account, and browsing to Subscriptions > Add > Pay-as-you-go

  2. This requires billing info, which is why Ajay needs to do it

  3. Ensure owner permissions are added for Reed, Ajay and Casey with 'Eligible' assignment so that they can be activated when required

  4. Also add owner permissions to the Emergency Access account with permanent assignment

  5. On the Subscription, go to Resource Providers and find Microsoft.DesktopVirtualization and register it

2. Create a Log Analytics Workspace

  1. Head to Log Analytics Workspace in portal.azure.us

  2. Create a new one and during the process use these names:

    • Resource Group name: clientabbreviation-Logging (e.g. BA-Logging, TC-Logging, etc.)
    • Log Analytics Workspace name: LAW-IdentityLogs

3. Configure Entra ID Diagnostics Settings

  1. Head to Entra ID within the portal.azure.us site (not entra.microsoft.us) and go to Diagnostics Settings

  2. Add/create diagnostics settings and call it LAW-IdentityLogs-SignInLogs

    • Use the following diagnostics: SignInLogs and AuditLogs
    • Send it to a LAW and pick the new LAW you made earlier
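
A check for step 3, added here as an example and not part of the original runbook: it compares an exported diagnostic setting against the names and log categories given above. It assumes the setting is available as JSON in the Azure Resource Manager diagnostic-settings shape (name, properties.workspaceId, properties.logs[]); the sample record and its subscription ID are constructed placeholders.

```python
import json
import re

# Names taken from the runbook above.
EXPECTED_SETTING = "LAW-IdentityLogs-SignInLogs"
EXPECTED_WORKSPACE = "LAW-IdentityLogs"
REQUIRED_CATEGORIES = {"SignInLogs", "AuditLogs"}

# ARM resource ID of a Log Analytics workspace (assumed export format).
WORKSPACE_ID = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.OperationalInsights/workspaces/(?P<ws>[^/]+)$",
    re.IGNORECASE,
)

def check_setting(setting: dict) -> list:
    """Return the deviations from the runbook; an empty list means compliant."""
    problems = []
    if setting.get("name") != EXPECTED_SETTING:
        problems.append(f"setting name is {setting.get('name')!r}")
    props = setting.get("properties") or {}
    match = WORKSPACE_ID.match(props.get("workspaceId") or "")
    if not match:
        problems.append("no Log Analytics workspace destination")
    else:
        if match["ws"].lower() != EXPECTED_WORKSPACE.lower():
            problems.append(f"destination workspace is {match['ws']!r}")
        if not match["rg"].lower().endswith("-logging"):
            problems.append(f"resource group {match['rg']!r} is not <client>-Logging")
    enabled = {l.get("category") for l in props.get("logs") or [] if l.get("enabled")}
    for cat in sorted(REQUIRED_CATEGORIES - enabled):
        problems.append(f"category {cat} is not enabled")
    return problems

# Constructed sample: AuditLogs was left unticked; subscription ID is a placeholder.
SAMPLE = json.loads("""
{"name": "LAW-IdentityLogs-SignInLogs",
 "properties": {
   "workspaceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/BA-Logging/providers/Microsoft.OperationalInsights/workspaces/LAW-IdentityLogs",
   "logs": [{"category": "SignInLogs", "enabled": true},
            {"category": "AuditLogs", "enabled": false}]}}
""")

if __name__ == "__main__":
    for problem in check_setting(SAMPLE) or ["compliant"]:
        print(problem)
```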