We all have seen information in the Microsoft 365 and Azure portal that we like to monitor on. Unfortunately not all what you see is in the log or available for monitoring.
In this session, I show how to build a monitor environment based on the elusive data.

I show how to get data from the Graph API using Azure Functions. I will show how to authenticate. Next, I show how to create a data endpoint and a data routing rule to store the custom data in Log Analytics.
Based on that data I create a monitor rule and use the Azure Monitor for the alert part.

At last, I show a way how to implement all needs that fits the Zero Trust philosophy. In that part, I show how to use Azure Functions in a Azure private network and how to deny public data ingestion using a Private Link Monitor Scope and private endpoints.