Azure Active Directory (AD)
Azure Active Directory is an identity and access management service for managing user identities, enabling secure authentication and authorization, and facilitating access to resources and applications in the Azure ecosystem. It lets organizations centralize and manage user accounts, their access privileges, and authentication mechanisms.
Installed Datasets
The AD app installs the following datasets:
Tenant - a resource dataset
Sign-In Logs - an event dataset
Audit Logs - an event dataset
Provisioning Logs - interval datasets
Viewing Azure AD in Observe
The Observe AD integration includes monitoring for audit, provisioning, and sign-in logs, which you can find on the Azure/Tenant resource. This dashboard shows the tenants and resource IDs in your Azure app.
From here, you can GraphLink to Sign-In Logs, Audit Logs, and Provisioning Logs to view detailed logs.
With those logs, you can get answers to the following questions:
Who’s signing into the app?
How are users using your resources?
What changes were applied to your tenant, such as user and group management, and who applied which updates to your tenant’s resources?
What groups were created, updated, or deleted from a specific app?
Sign-In Logs consist of interactive, non-interactive, and service principal sign-ins, as well as managed identities for Azure resource sign-ins.
Setup
To install AD, see Microsoft Azure Setup.
By default, the Observe Azure App enables the Active Directory service when installed.
If you don’t see the listed datasets, perform the following steps:
Select the Apps icon from the left menu.
Click Manage on the Azure app card.
Click the Configuration tab.
Make sure that Enable Active Directory is enabled.
Figure 1 - Enabling Azure Active Directory Service
AD logs
To learn more about Azure Active Directory logging, see Azure Active Directory Reporting.