Azure AD Tenant Diagnostic Settings for Log Storage and Querying

Configure Diagnostic Settings for Azure Active Directory (Azure AD) Tenant

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements:

-> Retain logs for two years.

-> Query logs by using the Kusto query language.

-> Minimize administrative effort.

Where should you store the logs?

Answers

A. Azure Event Hub
B. Azure Log Analytics workspace
C. Azure Storage account

Correct answer: B

Explanations

To meet the given requirements, the logs should be stored in an Azure Log Analytics workspace, which is the correct answer (B).

Azure Log Analytics is a fully managed service in Azure that collects, analyzes, and acts on telemetry data. It provides a scalable and cost-effective solution for collecting and analyzing data from Azure resources, on-premises resources, and other cloud platforms, and it uses the Kusto Query Language to query and analyze that data.

Here's why Azure Log Analytics is the best option:

-> Retain logs for two years: Azure Log Analytics provides a flexible retention policy that allows you to retain logs for up to two years.

-> Query logs by using the Kusto query language: Azure Log Analytics uses the Kusto Query Language (KQL) to query and analyze data. KQL is a powerful query language that allows you to search, analyze, and visualize data in real time.

-> Minimize administrative effort: Azure Log Analytics provides a centralized location for collecting and analyzing data, which minimizes the administrative effort required to manage and maintain the logs. It also integrates with other Azure services, making it easy to configure and manage.

Azure Event Hub (A) is a service that enables event streaming and real-time data ingestion. While it can store data, it is not designed for log analytics or long-term retention.

Azure Storage account (C) is a cloud storage solution that can store various types of data, including logs. However, it does not provide log analytics capabilities or support the Kusto Query Language, which makes it less suitable for this scenario. It also requires more administrative effort to manage and maintain the logs.

In summary, Azure Log Analytics is the best option because it provides a scalable, cost-effective solution for collecting and analyzing logs, supports the Kusto query language, and offers flexible retention policies.
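The three requirements above, carried through as an added example (not part of the original question or its explanation): a bash script using the az CLI that routes the tenant's Azure AD logs to a Log Analytics workspace, sets the workspace retention to two years, and runs a KQL query against the resulting SigninLogs table. It assumes an az CLI session with rights on the tenant and the workspace; the setting name, resource group, workspace name and workspace GUID are hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): route Azure AD tenant logs to a
# Log Analytics workspace, set 730-day retention, and run a KQL query.
# Assumes: az CLI logged in with rights on the tenant and the workspace;
# the resource names used in the commented invocation are hypothetical.
set -euo pipefail

# Diagnostic-setting body for the tenant-level resource /providers/microsoft.aadiam.
# Enables the core Azure AD log categories; add or drop categories as needed.
build_aad_diag_body() {
  local workspace_resource_id="$1"
  printf '{"properties":{"workspaceId":"%s","logs":[%s]}}' \
    "$workspace_resource_id" \
    '{"category":"AuditLogs","enabled":true},{"category":"SignInLogs","enabled":true},{"category":"NonInteractiveUserSignInLogs","enabled":true},{"category":"ServicePrincipalSignInLogs","enabled":true}'
}

# KQL: sign-ins in the last N days that ended in failure, grouped by error code and app.
build_failed_signin_query() {
  local days="$1"
  printf 'SigninLogs | where TimeGenerated > ago(%sd) | where ResultType != "0" | summarize Failures=count() by ResultType, AppDisplayName | order by Failures desc' "$days"
}

# 1. Create or update the tenant diagnostic setting through the Azure REST API.
apply_aad_diag_setting() {
  local setting_name="$1" workspace_resource_id="$2"
  az rest --method put \
    --url "https://management.azure.com/providers/microsoft.aadiam/diagnosticSettings/${setting_name}?api-version=2017-04-01-preview" \
    --body "$(build_aad_diag_body "$workspace_resource_id")"
}

# 2. Set workspace data retention to two years (730 days).
set_workspace_retention_two_years() {
  local rg="$1" ws="$2"
  az monitor log-analytics workspace update -g "$rg" -n "$ws" --retention-time 730
}

# 3. Query the workspace with KQL; -w takes the workspace customer ID (GUID).
run_failed_signin_query() {
  local workspace_guid="$1" days="${2:-30}"
  az monitor log-analytics query -w "$workspace_guid" \
    --analytics-query "$(build_failed_signin_query "$days")" -o table
}

# Example invocation with hypothetical names; uncomment to run against Azure:
# apply_aad_diag_setting "contoso-aad-to-law" \
#   "/subscriptions/<sub-id>/resourceGroups/rg-logs/providers/Microsoft.OperationalInsights/workspaces/law-contoso"
# set_workspace_retention_two_years "rg-logs" "law-contoso"
# run_failed_signin_query "<workspace-guid>" 7
```

The diagnostic-setting body and the KQL text are built in separate functions so they can be inspected before anything is sent to the tenant.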