Azure Integration

 Setup Steps

1. Log into your Azure Portal.
2. Click the menu in the top left
   
   
3. Select Resource groups
   
   
   
4. Click Create
5. Choose your Subscription and name your Resource group as follows:
   1. ab-eventhub-rg
6. Select Review + create
7. Navigate back to the top-left menu then select All services
   
   
   
8. Click Analytics
   
   
9. Under Real-time analytics, select Event Hubs
   
   
   
10. Click Create
11. Select Create new or use existing Resource group
12. Choose the Resource group created earlier in this guide (ab-eventhub-rg)
13. Under Namespace name type ab-namespace
14. Choose your region from the Azure locations group
15. Under Pricing tier, select Basic
16. Update Throughput Units to 2
17. Click Review + create
    
    
    
18. Click Go to resource
19. Select Entities on the left-hand side
    
    
20. Click Event Hubs
21. Select + Event Hub
    
    
    
22. Give the Event Hub the name azure-logs
23. Update the Partition Count to 2 and set Retention time (hrs) to 1
24. Click Review + create
25. Navigate back to the top left-hand menu and select Monitor
26. Select Activity Log
    
    
27. Click Export Activity Logs
    
    
28. Select +Add diagnostic setting
    
    
29. Name the Diagnostic setting as follows:
    1. Azure-Logs
30. Under Logs, select the following:
    1. Administrative
    2. Security
    3. Alert
31. Under Destination details check off:
    1. Stream to an event hub
32. Choose your azure-logs event hub under the Event hub name dropdown
    
    
    
33. Click Save
34. Navigate back to ab-namespace
    
    
    
35. In the left-hand menu under Settings, select Shared access policies
    
    
    
36. Select RootManageSharedAccessKey
    
    
    
37. Copy the value under Primary key and save securely – you'll need to provide this back to AgileBlue later
    
    
38. Next, copy and securely save the Primary connection string
    
    
39. In the search bar, search for and select Storage accounts
    
    
    
40. Click Create
    
    
    
41. Name the Storage account abcollector
42. Under preferred storage type, select Azure Blob Storage or Azure Data Lake Storage Gen 2
43. Under Redundancy, select Geo-redundant storage (GRS)
44. Once completed, the fields should look as follows (Note: Your subscription and Region name will be specific to your organization):
    
    
45. Click Review + create
46. Click Create
47. Select Go to resource
48. Select Security + networking in the left-hand menu
    
    
49. Click Access keys
    
    
50. Click Show then copy the Key and Connection string values, which will need to be provided to AgileBlue
51. Navigate to Microsoft Entra ID
    
    
52. Click Monitoring then Diagnostic settings
    
    
    
53. Select +Add diagnostic setting
54. Under Logs, check off:
    1. AuditLogs
    2. SignInLogs
    3. NonInteractiveUserSignInLogs
    4. ServicePrincipalSignInLogs
    5. ManagedIdentitySignInLogs
    6. ProvisioningLogs
    7. ADFSSignInLogs
    8. RiskyUsers
    9. UserRiskEvents
    10. RiskyServicePrincipals
    11. MicrosoftServicePrincipalSignInLogs
    12. MicrosoftGraphActivityLogs
55. Under Destination details specify Stream to an event hub
56. Name the Diagnostic setting entra-logs
57. Under Destination Details, specify your previously-used Subscription, Event hub namespace, Event hub name, Event hub policy name:
    
    
58. Click Save
59. Securely send the following values back to AgileBlue Support (support@agileblue.com):
    1. Event Hub Name (should be azure-logs)
    2. Connection String
    3. Storage Account Name (should be abcollector)
    4. Storage Account Key

Questions? Contact AgileBlue Support.

Email: support@agileblue.com
Phone: (216) 606-9400