Correct Answer:
C. A Log Analytics workspace
Explanation:
To analyze Microsoft Entra ID (formerly Azure AD) sign-in logs using Azure Monitor, you need to configure diagnostic settings to send the logs to an appropriate destination.
A Log Analytics workspace is the recommended and most effective destination for analyzing sign-in logs because:
It integrates with Azure Monitor and Microsoft Sentinel for advanced security insights.
You can run Kusto Query Language (KQL) queries to analyze sign-in patterns and detect anomalies.
It supports log retention, alerting, and visualization in Azure Monitor.
Why Are the Other Options Incorrect?
A. An Azure Event Hub - Used for streaming logs to third-party SIEMs or external systems, not for direct analysis in Azure Monitor.
B. An Azure SQL Database - Not supported as a destination for Microsoft Entra sign-in logs. SQL is used for structured data storage, not log analytics.
D. An Azure Storage Account - Used for archiving logs, but does not provide built-in analytics, search, or visualization like Log Analytics.