Microsoft has introduced customer-accessible logging for the legacy Azure AD Graph API (graph.windows.net), closing a significant visibility gap historically abused by adversary enumeration tools like ROADrecon and AADInternals. Defenders can now ingest AzureADGraphActivityLogs into their SIEM to detect bulk directory reconnaissance, suspicious user agents, and internal API misuse.