Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fabric Ideas just got better! New features, better search, and direct team engagement. Learn more

fbcideas_migusr

Use the M365 Audit Log as a source for EventStreams

Submitted by on ‎03-19-2024 12:30 PM

Currently there is a tremendous amount of value in the M365 Audit log, but it is extremely difficult to access. Retention is low for API access and other methods are batch oriented at best. Apart from some work in Sentinel, there are no ways to react to events in near real time. This seems like an obvious data source for the RTA workload in Fabric. Kusto could allow for as much retention as desired, and streaming would allow for reactions in near real time.

Status: Planned

Thanks for your input.

 

To support low latency events, Eventstream is planning to integrate with Microsoft Graph change notifications. This feature will enable multiple scenarios like event-driven applications, anomaly detection and real-time analysis on Microsoft Graph data. 

 

If this is blocking you, please consider using LogicApp and connect to Eventstream (with customEndpoint as source) as a short term solution. 

3 Comments (3 New)
Comments
fbcideas_migusr
New Member
‎02-25-2025 01:07 AM
Status changed to: Under Review
 
YSD
Microsoft Employee
Microsoft Employee
‎06-08-2025 01:09 AM
Status changed to: New
 
Alicia_Li_MSFT
Microsoft Employee
Microsoft Employee
Thursday
Status changed to: Planned

Thanks for your input.

 

To support low latency events, Eventstream is planning to integrate with Microsoft Graph change notifications. This feature will enable multiple scenarios like event-driven applications, anomaly detection and real-time analysis on Microsoft Graph data. 

 

If this is blocking you, please consider using LogicApp and connect to Eventstream (with customEndpoint as source) as a short term solution.