Microsoft Security Operations Analyst — Question 55
You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1.
From Content Hub, you deploy the Microsoft Entra solution for Microsoft Sentinel and configure a connector.
You need to analyze actions performed by users that have administrative privileges to the subscription.
Which workbook should you use?
Answer options
- A. Azure Activity
- B. Microsoft Entra Audit logs
- C. Microsoft Entra Sign-ins logs
- D. Identity & Access
Correct answer: A
Explanation
The Azure Activity workbook provides insights into all activities and changes made within the Azure subscription, including those by users with administrative privileges. The other options, such as Microsoft Entra Audit logs and Microsoft Entra Sign-ins logs, focus on different aspects of user activity but do not directly provide a comprehensive view of administrative actions taken in the Azure environment.