This document assumes that you have already created the app and registered it so that Transilience has read-only access to Azure. If not, refer to this document. Once the app is created, you need to add permissions for Transilience to access the logs.
Below is a summary of the logs that are usually needed for compliance, depending on which Microsoft services you use for security logging, monitoring and incident management.

In summary, you are giving Transilience access to store, analyze and alert on Defender logs, Entra access logs and Intune logs.
Step 1 -
Go to the registered app in App registrations, which you created already.

Click on API permissions

Step 2 -
Add each of the permissions above. Below are a couple of examples.
Audit Log
(for us to read the audit logs)

Policy.Read.All
(for us to read policies)

User.Read.All

Directory.Read.All

ThreatHunting

Ensure you grant the permissions

Ensure you have added the permissions below

Save permissions and grant permissions

Additional permissions for Entra MFA / Conditional Access rule visibility
If you want Transilience to review Entra MFA enforcement rules and Conditional
Access policy configuration, also add these Microsoft Graph Application
permissions:
- Policy.Read.All
Used to read Conditional Access policies and Security Defaults policy state.
- Policy.Read.AuthenticationMethod
Used to read Authentication Methods Policy and Authentication Strength policies.
- Policy.Read.ConditionalAccess (recommended)
Used along with AuditLog.Read.All and Directory.Read.All to view applied
Conditional Access policy details in sign-in logs.
After adding these permissions, click Grant admin consent.
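To confirm that admin consent actually took effect, you can inspect the roles claim of an app-only access token issued to the app for Microsoft Graph: a permission that was added but not consented does not appear there. The following is an added example, not part of the original article or Transilience tooling; the function names and the sample token are constructed, and "ThreatHunting" is assumed to mean the Graph permission ThreatHunting.Read.All.

```python
import base64
import json

# Application permissions named on this page. "ThreatHunting" is written here
# as ThreatHunting.Read.All, the Microsoft Graph permission name (assumption).
REQUIRED = {
    "AuditLog.Read.All",
    "Policy.Read.All",
    "User.Read.All",
    "Directory.Read.All",
    "ThreatHunting.Read.All",
}
# Optional set for Entra MFA / Conditional Access visibility.
OPTIONAL_CA = {"Policy.Read.AuthenticationMethod", "Policy.Read.ConditionalAccess"}


def token_roles(access_token):
    """Return the 'roles' claim of an app-only token (decoded only, signature NOT verified)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))


def missing_permissions(access_token, include_conditional_access=False):
    """Permissions that were expected but are absent from the token, sorted."""
    wanted = REQUIRED | (OPTIONAL_CA if include_conditional_access else set())
    return sorted(wanted - token_roles(access_token))


def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


# Constructed sample token (unsigned, placeholder tenant): consent was granted
# for only three permissions, so the rest must be reported as missing.
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "none", "typ": "JWT"}),
    _b64({"aud": "https://graph.microsoft.com", "tid": "00000000-0000-0000-0000-000000000000",
          "roles": ["AuditLog.Read.All", "User.Read.All", "Policy.Read.All"]}),
    "sig",
])

if __name__ == "__main__":
    print("missing:", missing_permissions(SAMPLE_TOKEN, include_conditional_access=True))
```

An empty result means every expected permission is present in the token; treat the token itself as a credential and do not paste it into shared channels.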
Inform your account manager or your forward deployed engineer that you have given access, and pass on the client ID, secret and tenant ID.