This document assumes that you have already created the app and registered the app for Transilience to have read only access into Azure. If not , refer to this document. Once the app is created, you need to add permissions for Transilience to access the logs.
The below is the summary for logs that are usually needed for compliance , depending on what Microsoft services you are using for security logging, monitoring and incident management.
In summary, you are giving access for Transilience to store, analyze and alert on Defender logs, Entra access logs, Intune logs
Step 1 -
Go to the registered app in App registrations, which you created already.
Click on API permissions
Step 2 -
Add each of the permissions above. Below are couple of examples.
Audit Log
(for us to read the audit logs)
Policy.Read.All
(for us to read policies)
User.Read.All
Directory.Read.All
ThreatHunting
Ensure you added below permissions
Save permissions
and Grant permissions
Inform your account manager of your forward deployed engineer that you have given access.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article