Azure Active Directory is a cloud hosted Active Directory offering by Microsoft Azure. This integration allows you to ingest your Azure AD activity logs (audit and sign-in logs) to Datadog.
This integration forwards logs to Datadog using Azure with Event Hubs. Configure Azure AD to forward activity logs to the event hub.
Set up the log forwarding pipeline from Azure to Datadog using Event Hubs by following the log collection documentation.
In Azure portal, select Azure Active Directory > Monitoring > Audit logs.
Select Export Settings.
In the Diagnostics settings pane, do one of the following:
Select the Stream to an event hub check box, and then select Event Hub/Configure.
Select the Azure subscription and Event Hubs namespace that you created earlier to route the logs to.
Select OK to exit the event hub configuration.
Do one or both of the following. Datadog recommends selecting both.
Logs should start coming into Datadog within 15 minutes. For more details on the setup, see the Azure tutorial.
This integration allows you to setup log ingestion for Azure Active Directory activity logs.
This includes the following:
Sign-ins – Provides information about the usage of managed applications and user sign-in activities.
Audit logs - Provides traceability through logs for all changes done by various features within Azure AD.
Azure Active Directory does not include any metrics.
Need help? Contact Datadog support.