
I have a question around Azure AD user deletion.

We currently have internal application in which we store employee information using their email id. When an employee leaves the company their Azure AD account gets deleted by the admin team. But, we are not informed of this deletion. We are trying to figure out if there an event or trigger in Azure AD, that we can hook into, when a user is deleted or their details are modified.

Has anyone had this issue, and found a way around it?

Help much appreciated.

cayman
Deletions are tracked in the Azure AD audit logs. You'd need to tap into the log feed through some mechanism, of which there are a variety of options. One example is streaming via Event Hub: https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub – Noah Stahl Jul 20 '21 at 13:44

1 Answer

2

As mentioned by @NoahStahl, deletions are tracked in the Azure AD audit logs; you can route the logs to:

  • An Azure storage account.
  • An Azure event hub, so you can integrate with your Splunk and Sumo Logic instances.
  • An Azure Log Analytics workspace, where you can analyze the data, create dashboards and alert on specific events.

Or else we can create a webhook for receiving "Delete" notifications when a user is deleted from Azure AD: Set up notifications for changes in user data

Reference SO Thread for using Webhook

JayakrishnaGunnam-MT
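An added example, not code from the answer or from Microsoft: the receiving side of the webhook option above, written as a pure function so it can be dropped into any HTTP handler. It assumes a Microsoft Graph subscription on resource `/users` with changeType `updated,deleted`; the payload, ids and `clientState` secret are constructed for the example.

```python
import hmac
import json

# Constructed sample of the JSON Graph POSTs to the notificationUrl when a
# subscription on "/users" (changeType "updated,deleted") fires. All values
# here are invented; the shape follows the Graph change-notification format.
SAMPLE_NOTIFICATION = {
    "value": [
        {
            "subscriptionId": "00000000-0000-0000-0000-000000000001",
            "changeType": "deleted",
            "clientState": "secretClientValue",
            "resource": "Users/11111111-1111-1111-1111-111111111111",
            "resourceData": {
                "@odata.type": "#Microsoft.Graph.User",
                "id": "11111111-1111-1111-1111-111111111111",
            },
        },
        {
            "subscriptionId": "00000000-0000-0000-0000-000000000001",
            "changeType": "updated",
            "clientState": "wrong-value",  # forged or misrouted: must be dropped
            "resource": "Users/22222222-2222-2222-2222-222222222222",
            "resourceData": {
                "@odata.type": "#Microsoft.Graph.User",
                "id": "22222222-2222-2222-2222-222222222222",
            },
        },
    ]
}

def sample_request_body():
    """Serialized form of the constructed sample, as the HTTP body would arrive."""
    return json.dumps(SAMPLE_NOTIFICATION)

def handle_notification_request(query, body, expected_client_state):
    """Process one POST from Graph. Returns (http_status, response_text, events).

    query: dict of query-string parameters; body: raw request body (str).
    events: list of (change_type, user_object_id) accepted for downstream sync.
    """
    # 1. Subscription validation handshake: Graph calls ?validationToken=...
    #    and expects the token echoed back as text/plain with HTTP 200.
    if "validationToken" in query:
        return 200, query["validationToken"], []
    # 2. Real notifications: answer 202 promptly and do the work afterwards.
    events = []
    for item in json.loads(body).get("value", []):
        # clientState is the shared secret chosen at subscription time; the
        # endpoint is reachable by anyone, so a mismatch means "not from us".
        if not hmac.compare_digest(item.get("clientState", ""), expected_client_state):
            continue
        data = item.get("resourceData", {})
        if data.get("@odata.type") != "#Microsoft.Graph.User":
            continue
        # Only the object id is delivered, never the email: resolve it against
        # Graph (deleted users sit in /directory/deletedItems for 30 days).
        events.append((item["changeType"], data["id"]))
    return 202, "", events
```

Match users in the internal application by Azure AD object id rather than by email, since the email is not present in the notification and can change on update.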