Microsoft Graph API Permissions for Monitoring Azure

To fetch Azure app registration details, the Datadog-Azure integration requires access to the Microsoft Graph API, which is queried at the tenant level.

Note: On the Azure integration tile in Datadog, if there are several app registrations (client IDs) used for the same tenant, you only need permissions on one app registration.

Setup

  1. In your Azure portal, go to the App registrations page. Click on the app registration you want to modify.

  2. In the left sidebar, under the Manage section, click on API permissions.

  3. Click + Add a permission.

  4. In the panel that opens, select Microsoft Graph.

  5. On the next page, select Application permissions. Then, under Select permissions, search for and enable each of the following permissions.

    • Application.Read.All
    • Directory.Read.All
    • Group.Read.All
    • Policy.Read.All
    • User.Read.All

    Click the checkbox on the left, and click the Add permissions button at the bottom to add each permission.

    Panel for adding Microsoft Graph API permissions. 'Application permissions' is selected. Under the 'Select permissions' section, a user has typed in 'Application.Read.All'. In the section below, under 'Application (1)', the Application.Read.All permission appears next to a selected checkbox.

Further Reading

Additional helpful documentation, links, and articles:

Datadog-Azure IntegrationDOCUMENTATION more more