Steps To Enable Azure Activity Data Connector
Step 1: Login to your Azure portal
Step 2: Search and select the Microsoft Sentinel from Azure Global Search and select your sentinel resource
Step 3: Now from the left-hand side menu scroll down to configurations >> select Data connectors.
Step 4: From the data connectors gallery, select Azure Activity >> click on Open connector page.
Step 5: In Configuration area, scroll down to Connect your subscription >> click on Launch Azure Policy Assignment Wizard.
Step 6: Now in Basics tab, select the ellipsis button (…) under Scope and select the target azure subscriptions or management group you want to connect to the Azure Activity Data Connector.
Step 7: Select the Parameters tab, select your primary Log Analytics workspace from the drop-down list >> select the log analytics workspace which you want to collet the logs and click on select.
Step 8: In Remediation tab, check the box “Create managed identity” >> select System managed identity and select the location of your choice.
Step 9 : Select Review + assign to review the assignment details and click on create.
Azure Activity Data Connector will now start collecting data from your selected Azure subscriptions. This will take 15-30 minutes to start collecting the data from data connector. To verify that the Azure Activity Data Connector is enabled or not? You can navigate to Data connectors in Microsoft Sentinel and select Azure Activity. The status of the connector should be Enabled.
Microsoft Azure – Enabled the Azure Activity Data Connector
Azure Activity Data Connector is a service that collects and analyzes audit logs from Azure resources. This helps in monitoring and investigating security threats, troubleshooting problems, and complying with regulatory requirements. By enabling the Azure Activity Data Connector with Microsoft Sentinel you can collect data from Azure Resource Manager, Azure Resource Provider Logs, and Azure Operational Insights from multiple Azure subscriptions. You can also collect data in real-time and can create analytics rules, and Azure workbooks in Microsoft Sentinel.