To meet auditing and monitoring requirements, Azure AD must send sign-in logs and audit logs to an external location such as a Log Analytics workspace, Azure Storage account, or Event Hub. This is configured using Diagnostics settings in Azure AD.
According to Microsoft documentation in “Monitor Azure Active Directory activity logs in Azure Monitor” and the SC-300 learning objective “Implement and monitor identity governance”, you must enable diagnostic settings to stream directory logs to a Log Analytics workspace.
The scenario specifies:
“You create a Log Analytics workspace. You need to implement the technical requirements for auditing.”
By configuring Azure AD’s Diagnostics settings, you can:
Send Sign-in logs, Audit logs, and Provisioning logs to Log Analytics.
Correlate identity events with security insights in Azure Sentinel or Microsoft Defender for Cloud Apps.
Microsoft documentation confirms:
“To collect and analyze Azure AD sign-in and audit data, configure diagnostic settings to send logs to Log Analytics.”
Other options do not meet the requirement:
A. Company branding: Only affects login pages, not logging or auditing.
C. External Identities: Controls guest access, not logging.
D. App registrations: Used for app integration, not auditing.
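
An added example, not from the original page or from Microsoft's documentation: a check that an exported list of Azure AD diagnostic settings really routes the sign-in, audit and provisioning logs to a Log Analytics workspace. The JSON shape (`value`, `properties.workspaceId`, `properties.logs`) and the category names `SignInLogs`, `AuditLogs` and `ProvisioningLogs` are assumptions based on the Azure Monitor diagnostic-settings format; the sample data and resource names are constructed.

```python
import json

# Log categories the page names: sign-in, audit and provisioning logs.
REQUIRED = {"SignInLogs", "AuditLogs", "ProvisioningLogs"}

# Constructed sample in the assumed diagnostic-settings shape; subscription,
# resource group, workspace and storage account names are placeholders.
SAMPLE = json.loads("""
{"value": [
  {"name": "aad-to-law",
   "properties": {
     "workspaceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.OperationalInsights/workspaces/law-example",
     "logs": [
       {"category": "SignInLogs", "enabled": true},
       {"category": "AuditLogs", "enabled": true},
       {"category": "ProvisioningLogs", "enabled": false}
     ]}},
  {"name": "aad-archive",
   "properties": {
     "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.Storage/storageAccounts/stexample",
     "logs": [{"category": "ProvisioningLogs", "enabled": true}]}}
]}
""")


def workspace_coverage(settings):
    """Return (covered, missing) required categories, counting only settings
    that target a Log Analytics workspace and only categories that are enabled."""
    covered = set()
    for setting in settings.get("value", []):
        props = setting.get("properties", {})
        if not props.get("workspaceId"):
            continue  # storage-only or Event Hub-only: not queryable in the workspace
        for log in props.get("logs", []):
            if log.get("enabled") is True:
                covered.add(log.get("category"))
    return covered & REQUIRED, REQUIRED - covered


if __name__ == "__main__":
    covered, missing = workspace_coverage(SAMPLE)
    print("covered:", sorted(covered))
    print("missing:", sorted(missing))
```

In the sample, provisioning logs are enabled only on the storage-account setting, so they are reported as missing from the workspace even though they are being collected somewhere.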