Microsoft Azure monitoring

You can configure Microsoft Azure® to send the necessary logs to Arctic Wolf® for security monitoring using one of these methods:

• Script — See Configure Microsoft Azure for Arctic Wolf monitoring using a script.

  See Azure AD application PowerShell configuration script for more information about the Microsoft Azure monitoring PowerShell script.

• Manual — See Configure Microsoft Azure AD applications for Arctic Wolf monitoring manually.

  Note: The manual configuration steps are an alternative to script configuration, and can be used to replicate the target state using methods like Infrastructure as Code.

Supported regions for Azure monitoring

Arctic Wolf supports monitoring for all Azure regions except for regions in Azure Government. See Supported Azure Regions and Azure Geographies for more information.

Limitations of Azure monitoring

• Throttling may occur if too many requests are made to the Microsoft Graph API. This throttling threshold is reached due to a high volume of requests from multiple applications within a single Azure tenant or from a single application across all Azure tenants. Contention between the Arctic Wolf service and other applications running in the Azure tenant can affect timely log retrieval. See Microsoft Graph throttling guidance for more information.
• Microsoft Entra ID (formerly Azure AD) sign-in and audit logs may have a reporting latency of up to 8 hours between when an event is created on a monitored system and when the logs are available for Arctic Wolf to analyze. See Azure Active Directory reporting latencies for more information.

See also

• Configure Microsoft Azure AD applications for Arctic Wolf monitoring manually
• Configure Microsoft Azure for Arctic Wolf monitoring using a script
• Remove a Microsoft Azure AD application
• Remove an application with the Microsoft identity platform