Microsoft Azure Monitoring Overview
Updated Nov 1, 2023
You can configure Microsoft Azure® to send the necessary logs to Arctic Wolf® for security monitoring using one of these methods:
See Azure AD application PowerShell configuration script for more information about the Microsoft Azure monitoring PowerShell script.
Note: The manual configuration steps are an alternative to script configuration, and can be used to replicate the target state using methods like Infrastructure as Code.
- Throttling may occur if too many requests are made to the Microsoft Graph API. The throttling threshold is reached when a high volume of requests comes from multiple applications within a single Azure tenant or from a single application across all Azure tenants. Contention between the Arctic Wolf service and other applications running in the Azure tenant can affect timely log retrieval. See Microsoft Graph throttling guidance for more information.
- Microsoft Entra ID (formerly Azure AD) sign-in and audit logs may have a reporting latency of up to 8 hours between when an event is created on a monitored system and when the logs are available for Arctic Wolf to analyze. See Azure Active Directory reporting latencies for more information.
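
The throttling limitation above applies to every application in the tenant that calls Microsoft Graph. The following is an added example, not code from Arctic Wolf or Microsoft: it shows how one of your own Graph clients can honor an HTTP 429 response and its Retry-After header so that it backs off instead of adding to contention. The names `send` and `simulated_graph`, the attempt and wait limits, and the sample responses are assumptions constructed for illustration.

```python
import time

MAX_ATTEMPTS = 5          # assumed limit for this example
MAX_WAIT_SECONDS = 120.0  # assumed ceiling on any single wait


def retry_delay(headers, attempt, base=2.0):
    """Seconds to wait after a throttled (HTTP 429) response.

    Prefer the server's Retry-After value in seconds; fall back to
    exponential backoff when the header is absent or not a number.
    """
    raw = {k.lower(): v for k, v in headers.items()}.get("retry-after")
    try:
        delay = float(raw)
    except (TypeError, ValueError):
        delay = base * (2 ** attempt)
    return min(max(delay, 0.0), MAX_WAIT_SECONDS)


def call_with_throttle_handling(send, sleep=time.sleep):
    """Call send() until it returns a response that is not throttled.

    send  -- hypothetical callable returning (status, headers, body)
    sleep -- injectable so the logic can be exercised without waiting
    Returns (status, body, waits); waits lists each delay that was applied.
    """
    waits = []
    for attempt in range(MAX_ATTEMPTS):
        status, headers, body = send()
        if status != 429:
            return status, body, waits
        if attempt < MAX_ATTEMPTS - 1:
            delay = retry_delay(headers, attempt)
            waits.append(delay)
            sleep(delay)
    # Still throttled after MAX_ATTEMPTS: surface the 429 to the caller.
    return status, body, waits


def simulated_graph(responses):
    """Constructed stand-in for a Graph endpoint: replays canned responses."""
    it = iter(responses)
    return lambda: next(it)


if __name__ == "__main__":
    # Constructed sample: two throttled replies, then success.
    send = simulated_graph([
        (429, {"Retry-After": "10"}, ""),
        (429, {}, ""),
        (200, {}, '{"value": []}'),
    ])
    print(call_with_throttle_handling(send, sleep=lambda s: None))
```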