Skip to main content

Hi, 

I aim to ingest entity information from Azure AD (Entra ID). The feed is set up according to this documentation, Collect Microsoft Azure AD Context logs. I have made sure my App registration have the application permissions “AuditLog.Read.All”, “Directory.Read.All” and “SecurityEvents.Read.All”.

 

The feed is running if I do not check the Retrieve Devices or Retrieve Groups, but when these options are checked the feed get an “Internal server error”. Could this be due to some issue with the permissions? Have anyone managed to get the feed to retrieve devices and groups?

It’s happened to me a few times in the past, and usually it just sorted itself out after a few hours.
Still, if it hadn’t, I would’ve opened a support case to check what error is being thrown on the backend side with Azure.
An 'Internal Server Error' usually means something went wrong server side, and there’s not much you can see or troubleshoot from your end.

Thanks!
We tested some more. The error occur whenever the feed is created (regardless if devices or groups are included or not) and then it works if something is updated once. My colleague has opened a support case to get some more insights. 

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.