Supported logs for Microsoft.AAD/DomainServices

The following table lists the types of logs available for the Microsoft.AAD/DomainServices resource type.

For a list of supported metrics, see Supported metrics - Microsoft.AAD/DomainServices

Category	Category display name	Log table	Supports basic log plan	Supports ingestion-time transformation	Example queries	Costs to export
AccountLogon	AccountLogon	AADDomainServicesAccountLogon	No	Yes	Queries	No
AccountManagement	AccountManagement	AADDomainServicesAccountManagement	No	Yes	Queries	No
DetailTracking	DetailTracking		No	No		No
DirectoryServiceAccess	DirectoryServiceAccess	AADDomainServicesDirectoryServiceAccess	No	Yes	Queries	No
DNSServerAuditsDynamicUpdates	DNSServerAuditsDynamicUpdates - Preview	AADDomainServicesDNSAuditsDynamicUpdates DNS server audit events enable change tracking on the DNS server. This table contains operational audit events for dynamic updates.	Yes	No		Yes
DNSServerAuditsGeneral	DNSServerAuditsGeneral - Preview	AADDomainServicesDNSAuditsGeneral DNS server audit events enable change tracking on the DNS server. An audit event is logged each time server, zone, or resource record settings are changed. This includes operational events such as zone transfers, and DNSSEC zone signing and unsigning. This table captures audit events that are not from dynamic updates.	Yes	No		Yes
LogonLogoff	LogonLogoff	AADDomainServicesLogonLogoff	No	Yes	Queries	No
ObjectAccess	ObjectAccess		No	No		No
PolicyChange	PolicyChange	AADDomainServicesPolicyChange	No	Yes	Queries	No
PrivilegeUse	PrivilegeUse	AADDomainServicesPrivilegeUse	No	Yes	Queries	No
SystemSecurity	SystemSecurity		No	No		No

Next Steps

• Learn more about resource logs
• Stream resource logs to Event Hubs
• Change resource log diagnostic settings using the Azure Monitor REST API
• Analyze logs from Azure storage with Log Analytics
• Optimize log queries in Azure Monitor
• Aggregate data in a Log Analytics workspace by using summary rules (Preview)