In my latest blog, "Now You See Me: AADGraphActivityLogs", I explore the newly released Azure AD Graph logs and demonstrate how you can detect tools like ROADtools and AADInternals that rely on this API and have been under the radar for defenders so far.

https://cloudbrothers.info/en/aadgraphactivitylogs/

Now You See Me: AADGraphActivityLogs

KQL hunting queries for the new AADGraphActivityLogs table to detect Entra ID reconnaissance tooling based on UserAgent, RequestUri, and volume.

Cloudbrothers