Query: Log Analytics Workspaces should block non-Azure Active Directory based ingestion

Description

Enforcing log ingestion to require Azure Active Directory authentication prevents unauthenticated logs from an attacker which could lead to incorrect status, false alerts, and incorrect logs stored in the system.

Query

Tables used in this query:

• azure_log_analytics_workspace
• azure_subscription

Controls using this query:

• Log Analytics Workspaces should block non-Azure Active Directory based ingestion

SQL