Documentation forAccess Rights Manager

Configure AAD Logga

The Azure Active Directory (AAD) Logga uses Azure audit log search functionality. In some cases, you must enable Azure audit log search. According to Microsoft, it may take up to 24 hours until all events are available to the audit log search.

Before you enable AAD Logga, prepare the Microsoft/Office 365 integration in the Azure Portal. Record the settings you create in the procedure, including the client ID and client secret key. These settings are required to configure AAD Logga.

  1. Start the Configuration application.

  2. Click Scans.

  3. Click Logga - Active Directory.

  4. In the Active Directory Logga selection window, select a resource.

    1. In the Credentials field, do not change the default credentials.
    2. In the Name field, select Microsoft Azure AD.
    3. Under Assigned collectors, select a collector server with Internet access to pull the AAD events.
    4. Click Apply.

  5. Review the AAD Logga scan configuration.

    1. In the Configuration screen, scroll down to the bottom to locate the ADD Logga scan configuration.
    2. Locate the ADD Logga scan configuration.
    3. The warning icon appended to the ADD Logga icon indicates that additional settings must be configured.
    4. Click one of the highlighted links.
  6. Locate the application ID and client secret settings you recorded when you prepared the Microsoft/Office 365 integration on the Azure Portal.

  7. In the Edit connection settings window, enter the connection settings to your Office 365 OneDrive Logga.

    1. In the Tenant URL field, enter the name of the tenant.

      For example:

      mycompany.com

    2. In the Application ID field, enter the application ID.

    3. In the Client Secret field, enter the client secret.

    4. In the Request audit data field, select the time interval in seconds for pulling events from AAD to the collector server.

    5. In the Comment field, enter a comment that describes your changes.

    6. Click Apply.

  8. Finish configuring the settings in the AAD scan configuration.

    1. (Optional) Create a new name for the AAD Logga configuration.
    2. Select the time interval in minutes when the Logga data is recorded from the collector to the ARM database.

    3. Set a filter to reduce the amount of data being collected.

      See Filter AD Logga events for more information.

    4. Slide the toggle switch to On to enable the scan configuration.

      According to Microsoft, after you prepare the Microsoft/Office 365 integration on the Azure Portal and enable logging in ARM, the event recording procedure may require up to 12 hours to begin.