Question

Failure of ingesting Entra ID sign-in logs

  • December 30, 2025
  • 2 replies
  • 31 views


We have a requirement to ingest the audit and sign-in logs of Entra ID to SecOps using the SecOps third-party APIs.

We have tried using the Graph API method from O365 for this, and the audit logs are being ingested successfully, but the sign-in logs are failing with an error.

Since it was failing, we tried ingesting by creating a separate client ID for the sign-in logs, which was also failing.

Is there a reason for this?

2 replies

Eoved
  • Bronze 2
  • December 30, 2025

Hi,
What’s the error you are receiving? Since you mentioned you are using M365, do you have an E5 license?

For integrating these logs, it’s recommended to enable the following integrations:

Collect Microsoft Entra ID Audit logs

Collect Microsoft Azure AD logs

Collect Microsoft Azure AD Context logs


  • Author
  • Bronze 1
  • December 30, 2025

Hi,

The license is actually a business license, and the Entra ID is the free version of it.

This is the error I am getting.

Error: ACCESS_DENIED[HTTP 403] The auth account provided in feed configuration lacks required permissions.

I have enabled all permissions as the documentation says, which worked for the Entra ID audit logs, but not for the Azure AD logs.