Skip to main content

AzureAD (Entra ID) Audit

Obtain Tenant ID from Azure Active Directory

Your organization's Tenant ID from Azure Active Directory (Entra ID) will allow Fluency to use the Microsoft APIs to poll for your data.

If you do not know your TenantID, this value can be found in the Azure Active Directory (Entra ID) portal at https://aad.portal.azure.com/.

Prerequisites

Before you can access data through the Microsoft Graph activity logs API, you must ensure that you have an Azure AD Premium P1 or P2 tenant license in your tenant.

For more information, see the following Microsoft link: Access Microsoft Graph activity logs (preview)

Configure the Azure AD Audit plugin in Fluency

Login to the Fluency Cloud portal: https://(companyname).cloud.fluencysecurity.com.

Open the dropdown menu and choose the Cloud Integrations option under the Data Ingress section.

On the following page, navigate to the Office Software as a Service section.

To edit/view/configure an existing connector, look for the Azure AD Audit integration endpoint from the list on the right side of the page, and choose the gear icon.

To add a new connector, click the Azure AD Audit icon from the list on the left side of the page.

In the pop-up window, provide a Customer name for this integration. Normally, this will just be the name of your organization. This value will be used solely within Fluency. Then, enter the Tenant ID for the organization that was obtained earlier. Click "Proceed" to save this configuration.

You will be redirected to a Microsoft login page to provide Admin consent.

Please ensure that the Microsoft account used in the following section has the Administrative privileges to provide the required consent on behalf of your organization.

Review/Accept Permission grant request

The following permissions are required in order to enable Fluency to access User Account Audit events via the Office365 Management API:

  • Sign in and read user profile
  • Read all audit log data
  • Read directory data

You will see the following page after successful authentication:

Upon granting consent, you will be redirected back to the Fluency portal.

Please contact the Fluency Support team if you encounter any errors in the above process.

Additional Information

Remove permissions

Admin users can remove the permissions for the Application at anytime from Azure Active Directory's Enterprise applications page.

Microsoft documentation reference

https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs

Page last updated: 2023 Oct 02