Monitoring Microsoft Entra ID

Microsoft Entra ID is the identity and directory management service that combines basic directory services, application access management, and identity protection in a single solution. The Wazuh azure-logs module requires dependencies to work as well as the right credentials to access the logs. Take a look at the prerequisites section before proceeding.

Wazuh is able to monitor the Microsoft Entra ID (ME-ID) service using the Activity reports provided by the Microsoft Graph REST API. Microsoft Entra ID applications can make use of the Microsoft Graph API to perform read operations on directory data and objects.