Azure Activity Logs provide a comprehensive record of operations that affect resources, such as create, update, and delete actions. They cover various categories, including administrative actions, service health events, alert triggers, and policy compliance checks.
Integration Method: API
Tables: Detection, Compliance, Entity Management
Events: Administrative, Alerts, Policy changes, Security
Azure Configuration
Step 1. Create an App registration
Step 2. Register the application
Step 3. Add a client secret
Step 4. Locate the Tenant ID - Find the Tenant ID on the application’s Overview page.
Step 5. Configure Permissions - Set up the following permissions:
| Permission Name | Type |
| --- | --- |
| AccessReview.Read.All | Delegated |
| AccessReview.Read.All | Application |
| AuditLog.Read.All | Delegated |
| AuditLog.Read.All | Application |
| User.Read | Delegated |
Assign a Reader Role to the Subscription
Navigate to Home > Subscriptions and select the subscription the application should be given access to. In this example, it is the CDS_R15_Sub1 subscription.
Select Access Control (IAM), click on Add and select “Add role assignment”
Select Reader role and click on Next
Click on Select members and add the “Test Application” created earlier, click on Next
Under the Assignment type tab, choose the assignment duration. Selecting permanent ensures that data flows into your DataBee tenant without interruption. Click on Review + assign.
DataBee Configuration
Log in to the DataBee console and navigate to the Data > Data Sources tab
Click on Add New Source
Search for Azure Activity and select it
Select API Ingest
Enter basic contact information in the dialog box and click Next
In the detailed configuration boxes, ensure the following fields are filled:
Authorization Method: OAuth2
Client Key: Paste the client key generated in the Microsoft console
Secret Key: Paste the client secret generated in the Microsoft console
API URL: https://management.azure.com/subscriptions/<subscriptionId>/providers/Microsoft.Insights/eventtypes/management/values?&api-version=2015-04-01
Token URL: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
Replace the <tenant_id> and <subscriptionId> placeholders with your tenant information.
Click Submit
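Before submitting, the same values can be checked outside DataBee. The following pre-flight script is an added example, not DataBee or Microsoft code: it fills the two URL templates above, requests a token with the OAuth2 client-credentials grant, and reads one page of Activity Log events. The function names, the `https://management.azure.com/.default` scope and the one-hour `$filter` window are assumptions of this example, not settings taken from this page.

```python
import json, re, urllib.parse, urllib.request
from datetime import datetime, timedelta, timezone

# URL templates copied from the configuration fields on this page.
TOKEN_URL = "https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token"
API_URL = ("https://management.azure.com/subscriptions/<subscriptionId>/providers/"
           "Microsoft.Insights/eventtypes/management/values?&api-version=2015-04-01")
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def build_urls(tenant_id, subscription_id):
    """Fill both templates, rejecting unreplaced placeholders or non-GUID values."""
    for name, value in (("tenant_id", tenant_id), ("subscriptionId", subscription_id)):
        if not GUID.fullmatch(value):
            raise ValueError(f"{name} is not a GUID: {value!r}")
    return (TOKEN_URL.replace("<tenant_id>", tenant_id),
            API_URL.replace("<subscriptionId>", subscription_id))

def token_request(token_url, client_id, client_secret):
    """OAuth2 client-credentials request for an Azure Resource Manager token."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://management.azure.com/.default",  # assumption: ARM audience
    }).encode()
    return urllib.request.Request(token_url, data=body, method="POST")

def activity_request(api_url, access_token, hours=1):
    """GET for the last `hours` of events; the $filter window is this example's choice."""
    start = (datetime.now(timezone.utc) - timedelta(hours=hours)).strftime("%Y-%m-%dT%H:%M:%SZ")
    flt = urllib.parse.quote(f"eventTimestamp ge '{start}'")
    return urllib.request.Request(f"{api_url}&$filter={flt}",
                                  headers={"Authorization": f"Bearer {access_token}"})

def preflight(tenant_id, subscription_id, client_id, client_secret):
    """Live check (needs network): returns the number of events in the first page."""
    token_url, api_url = build_urls(tenant_id, subscription_id)
    with urllib.request.urlopen(token_request(token_url, client_id, client_secret)) as r:
        token = json.load(r)["access_token"]
    with urllib.request.urlopen(activity_request(api_url, token)) as r:
        return len(json.load(r).get("value", []))
```

An HTTP error raised by the token call points at the tenant ID, client ID or secret; a 403 from the API call points at the Reader role assignment on the subscription.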