Unable to Export Entra Logs to Storage Account

Question

Unable to Export Entra Logs to Storage Account

Aayushi Saini 0

I am trying to export Microsoft Entra logs to a Storage Account, following the official documentation: https://docs.azure.cn/en-us/entra/identity/monitoring-health/howto-archive-logs-to-storage-account

While I am successfully able to see the Entra logs in our Log Analytics Workspace, the logs are not appearing in the configured Storage Account.

storage account is adlsv2 and we have network access enabled.

Jeevan Shanigarapu 5 Reputation points Microsoft External Staff Moderator

2025-08-08T15:29:21.3866667+00:00
Hello Aayushi Saini,
Thanks for reaching out Microsoft Q&A

Your logs are not showing up because Azure Data Lake Storage Gen2 (ADLSv2) accounts with the hierarchical namespace enabled are not supported for exporting diagnostic logs. This is a known Microsoft limitation. Even with proper network configuration, logs cannot be delivered to these storage accounts.

In Production Environment:

Use a Standard StorageV2 Account Without Hierarchical Namespace

Create a new Azure Storage account of type StorageV2 (general-purpose v2).

When you create it, make sure hierarchical namespace is NOT enabled.

This kind of storage account supports Entra ID log export fully.

For best practice, create it in the same region as your Entra tenant.

Update Your Diagnostic Settings:

In the Azure Portal, go to your Microsoft Entra ID service.

Navigate to Monitoring & health > Diagnostic settings.

Edit your existing diagnostic setting or create a new one to export logs like Audit Logs and Sign in Logs.

Select your new standard StorageV2 account as the destination.

Save the settings and wait up to 90 minutes (or more) for logs to start showing up.

Review Network and Permissions:

Make sure your storage account allows access from trusted Microsoft services.

If you use virtual networks or firewalls, configure them to let the log export through.

Confirm that you (or the service principal) have the necessary permissions like Storage Account Contributor.

Monitor and Verify:

Go to your storage account and look for containers named like insights-logs-auditlogs.

Check that log files are being created inside these containers over time.

Use tools like Azure Monitor or Application Insights to keep track of log export health.

Please Note:

Don’t disable hierarchical namespace on your existing ADLSv2 account, as this can cause data loss and service problems.

If you need hierarchical namespace features, consider exporting logs first to your Log Analytics workspace (which works for you already) and then use additional scripts or features to move logs into your ADLSv2 account.

Microsoft Document's for References:

How to archive Microsoft Entra logs to a storage account: https://docs.azure.cn/en-us/entra/identity/monitoring-health/howto-archive-logs-to-storage-account

Diagnostic settings and limitations for storage account export: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings

Azure Storage account types and hierarchical namespace limitations: https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction

Kindly let us know if the above helps or you need further assistance on this issue

1 answer

Your answer

Answer 1

Hi, it almost always happens due to network/permissions on Storage, not for Login. Do this, quickly:

Recreate the Diagnostic setting from Login → Monitoring → Diagnostic settings on the tenant (not on random resources), check the categories (AuditLogs/SignInLogs/… ) and choose “Archive to a storage account”.
On the ADLS Gen2 Storage, go to Networking: if you have private firewalls/PE, enable Allow trusted Microsoft services or add the “Azure Monitor” exception in the Resource instances; for testing, set “All networks” to 15 minutes to see if files arrive.
Check permissions: on Storage, the user creating the rule needs at least Contributor (subscription/RG); on Login, a high role (e.g. Security Admin).
Wait: files may appear with a 10–30 minute delay; check the insights-logs-* containers (e.g. insights-logs-auditlogs).
If Log Analytics receives but Storage doesn't: it's almost certainly the firewall; try "All networks," and if that works, re-enable the blocking by adding the exception for Azure Monitor.
Still empty? Check the Activity log to see if the "Create/Update diagnostic setting" operation succeeded; if it failed, it's a permissions issue; if it succeeded but no files, it's a network issue.

Share via

Unable to Export Entra Logs to Storage Account

1 answer

Your answer