Microsoft Azure – Enabled the Azure Activity Data Connector

Azure Activity Data Connector is a service that collects and analyzes audit logs from Azure resources. This helps in monitoring and investigating security threats, troubleshooting problems, and complying with regulatory requirements. By enabling the Azure Activity Data Connector with Microsoft Sentinel you can collect data from Azure Resource Manager, Azure Resource Provider Logs, and Azure Operational Insights from multiple Azure subscriptions. You can also collect data in real-time and can create analytics rules, and Azure workbooks in Microsoft Sentinel.

Steps To Enable Azure Activity Data Connector

Step 1: Login to your Azure portal

Step 2: Search and select the Microsoft Sentinel from Azure Global Search and select your sentinel resource

Step 3: Now from the left-hand side menu scroll down to configurations >> select Data connectors.

Step 4: From the data connectors gallery, select Azure Activity >> click on Open connector page.

Step 5: In Configuration area, scroll down to Connect your subscription >> click on Launch Azure Policy Assignment Wizard.

Step 6: Now in Basics tab, select the ellipsis button (…) under Scope and select the target azure subscriptions or management group you want to connect to the Azure Activity Data Connector.

Step 7: Select the Parameters tab, select your primary Log Analytics workspace from the drop-down list >> select the log analytics workspace which you want to collet the logs and click on select.

Step 8: In Remediation tab, check the box “Create managed identity” >> select System managed identity and select the location of your choice.

Step 9 : Select Review + assign to review the assignment details and click on create.

Azure Activity Data Connector will now start collecting data from your selected Azure subscriptions. This will take 15-30 minutes to start collecting the data from data connector. To verify that the Azure Activity Data Connector is enabled or not? You can navigate to Data connectors in Microsoft Sentinel and select Azure Activity. The status of the connector should be Enabled.

FAQs On Azure Activity Data Connector

1. What are the Benefits Of using the Azure Activity Data Connector?

Log Monitoring, Improved security, Reducing risk with alerts and insights and Compliance with security regulations.

2. Which Resources Are Required To Enable Azure Activity Data Connector?

Log Analytics Workspace and Azure subscription are the two services required to enable the connector and stream Azure Activity Log data.

3. Azure Activity Data Connector provides Insights about?

Azure Activity Log data provides insights about subscription-level service health events, write operations and the status of activities performed at resource level within a subscription.