Microsoft Foundry Logging: Entra ID Diagnostic Settings and the Identity Plane

Entra ID diagnostic settings are the foundation for AI Foundry agent logging, not a nice-to-have and not replaceable by Advanced Hunting tables. This post covers what to configure, what each table delivers for security operations, how to correlate identity plane data with Foundry resource logs, and includes KQL detection queries for agentic sign-in activity, agent identity lifecycle events, and cross-table correlation patterns.

1 May 2026·22 min readIntermediateMicrosoft FoundryMicrosoft SentinelEntra IDKQLAI

Microsoft Foundry Logging: Control Plane, Data Plane, and Application Insights

A breakdown of every logging layer available in Microsoft Foundry: what each captures, which sources security operations teams need to enable, and why the routing decisions matter before anything goes to production.

10 April 2026·13 min readBeginnerMicrosoft FoundryAIMicrosoft SentinelIdentity