Azure Microsoft Graph Audit Logs integration via API

First of all, we log in to Azure with a user with administrator authorization.

Then we need to click on the Microsoft Entra ID tab and make App Registration from there. 

I indicated where it is in the image.

You will only need to provide an application name related to the registration process.

After registering, you can see Client ID and Tenant ID information under overview. You need to save these. You will need them during the resource addition phase.

Then we need to click Certificates & secrets and create a Secret Value.

After clicking on the new client secret tab, let's write a name in the section on the right and specify the time you want it to be valid. 

We need to make a note of the secret value we created. This information is visible once, you need to save it when you create it.

We need to enter the API Permission field, click Microsoft Graph and click Application Permission in the window that appears. Then just type audit in the search box, you can select everything under the auditlog tab in the field that appears. 

You can open everything under the Audit tab that you want to get logs from this area. 

When finished, you need to click Grant admin consent and complete the authorization.

Then we can go to the source addition area and select API > Azure Microsoft Graph Audit and enter the information we have previously saved in this field and pull the logs to Logsign USO.

Then you need to enter the following fields on the source addition screen.

Screenshot 2025-01-02 at 9.45.51 AM.png

We have collected the information required to get audit logs while configuring, we can write this data in the fields above. Scope and Base URL information is given below. If this information is written incorrectly, audit logs will not be received.

Client Secret > Obtained during configuration.

Client ID > Obtained during configuration.

Tenant ID > Obtained during configuration.

Scope > https://graph.microsoft.com/.default

Base URL > https://graph.microsoft.com

Then when you check connection, it should return success.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.