How to configure Entra ID auditing in ADAudit Plus
In this article:
Objective
Prerequisites
Steps to follow
Validation and confirmation
Tips
Related topics and articles
Objective
This article explains how to configure Entra ID auditing in ADAudit Plus to monitor and track user activities, sign-ins, group modifications, and changes to directory roles within Azure Active Directory (Entra ID).
By integrating Entra ID with ADAudit Plus, administrators can achieve centralized auditing of their cloud infrastructure alongside on-premises AD auditing.
Prerequisites
ADAudit Plus should be installed and operational.
A valid Entra ID subscription with appropriate licenses (like Entra ID Premium P1/P2) to enable auditing features.
Global Administrator or privileged role administrator rights in Entra ID are needed to configure auditing and provide necessary API permissions. (Only needed for configuration of the application in Entra ID)
Entra ID Graph API or Microsoft Graph API permissions enabled.
ADAudit Plus must have internet access to communicate with Entra ID.
Steps to follow
Configuring using Entra ID/Azure AD premium license
To audit your Entra ID environment using an Entra ID Premium license. ADAudit Plus uses the Microsoft Graph API to obtain events from Entra ID.
Privileges required while using Microsoft Graph API
Application.Read.All
AuditLog.Read.All
Directory.Read.All
IdentityRiskEvent.Read.All
Group.Read.All
User.Read.All
DeviceManagementApps.Read.All
DeviceManagementManagedDevices.Read.All
1. Register an application
Register an application in the Azure portal, using these steps:
Go to the Azure portal, and sign in using your Microsoft account.
Select Azure Active Directory from the Azure services section.
Go to Manage > App registrations > + New registration to open the Register an application window.
Enter the application name, for example, ADAudit Plus Application.
Ensure that Accounts in this organizational directory only (zohoadapazure only - Single tenant) is selected under Supported account types.
Click Register.
2. Grant minimum privileges required for Microsoft Graph API
Go to the Azure portal, and sign in using your Microsoft account.
Select Azure Active Directory from the Azure services section.
Go to Manage > App registrations. Select your application under Owned applications.
Go to Manage > API permissions and select + Add a permission.
Select Microsoft Graph. Click Application permissions as the type of permission required.
From the listing, select the following:
Application.Read.All
AuditLog.Read.All
Directory.Read.All
IdentityRiskEvent.Read.All
Group.Read.All
User.Read.All
DeviceManagementApps.Read.All
DeviceManagementManagedDevices.Read.All
Click Add permissions.
Select Grant admin consent for <tenantname >
Click Yes.
3. Obtain the tenant name
Go to the Azure portal, and sign in using your Microsoft account.
Search for and select Microsoft Entra ID.
Go to Manage > Custom domain names.
Click Add filter.
Set Filter to Status and Value to Verified, and then click Apply.
From the listed domains, copy a name of a domain (preferably one that ends with .onmicrosoft.com) as this will be needed when setting up Entra ID in ADAudit Plus.
4. Obtain client ID and client secret
Go to the Azure portal, and sign in using your Microsoft account.
Select Azure Active Directory service from the Azure services section.
Go to Manage > App registrations. Select your application under Owned applications.
Go to Manage > Certificates & secrets.
Click + New client secret.
Enter the description.
Choose 24 Months as the expiration date; this is the maximum value that can be used.
Click Add.
Copy the client secret value (e.g., "14uCILxkHtIVGR3wkCq12341Nd5VtestkkWTyIPrrE=")
Go to Manage > App registrations. Select your application under Owned Applications.
Navigate to Application (Client ID) and click Copy to clipboard.
5. Setting up Entra ID in ADAudit Plus
Open the ADAudit Plus web console.
Go to Configuration > Configured Server(s) > Cloud Directory.
Select +Add Tenant in the top-right corner.
Select Audit via Azure.
In the Cloud Directory window, choose the Cloud Type based on the national cloud points from the list below:
Entra ID global service (Azure Cloud - Default)
Entra ID for US Government L4 (Azure GCC High Cloud)
Entra ID for US Government L5 (Azure DOD Cloud)
Entra ID China operated by 21Vianet (Azure China Cloud)
Entra ID for Germany (Azure Germany Cloud)
Enter the Tenant Name, Client ID, and Client Secret.
Click Add.
6. Privileges required while using Entra ID Graph API
The use of Entra ID Graph API is deprecated. Instead, it's strongly recommended you use the Microsoft Graph API to audit your Entra ID.
For more details on why Entra ID graph API was deprecated, check the FAQ.
Check if you are using Entra ID Graph API and, if so, migrate using these steps:
Open the ADAudit Plus web console.
Go to Configuration > Configured Server(s) > Cloud Directory.
In the top-right corner, if the Migrate to Microsoft Graph API button is available, then Azure Active Directory Graph API is in use.
If the Back to Entra ID Graph API button is available, then Microsoft Graph API is in use.
Migrate to Microsoft Graph API from Entra ID Graph API by clicking Migrate to Microsoft Graph API at the top-right corner.
Click Yes in the confirmation prompt.
Note: Once you have migrated to Microsoft Graph API, add the necessary minimum privileges using the steps listed here.
If you still want to use Entra ID Graph API, you can find the privileges required below:
Directory.Read.All
Configuring using a Microsoft 365 license
To audit your Entra ID (renamed as Entra ID) environment using a Microsoft 365 license, ADAudit Plus uses the Microsoft 365 Management API for all installations after ADAudit Plus build 7050.
Privileges required while using Microsoft 365 Management API
Microsoft Graph API > Directory.Read.All
Office 365 Management API > ActivityFeed.Read
1. Register an application
Register an application in the Azure portal, using these steps:
Go to the Azure portal, and sign in using your Microsoft account.
Select the Azure Active Directory service from the Azure services top pane.
Go to Manage > App registrations > + New registration to open the Register an application window.
Enter the application name, for example, ADAudit Plus Application.
Ensure that Accounts in this organizational directory only (zohoadapazure only - Single tenant) is selected under Supported account types.
Click Register.
2. Grant minimum privileges required for Microsoft 365 Management API
Grant the necessary privileges using Microsoft 365 Management API, using these steps:
Go to the Azure portal, and sign in using your Microsoft account.
Select the Azure Active Directory service from the Azure services section.
Go to Manage > App registrations. Select your application under Owned applications.
Go to Manage > API permissions and select + Add a permission to open the Request API permissions window.
Select Office 365 Management APIs.
Choose Application permissions.
In the Request API permissions window, select Application permissions, then check the ActivityFeed.Read box under ActivityFeed. Select Add permissions.
Once again, go to Manage > API permissions > + Add a permission.
Select Microsoft Graph in the Request API permissions window.
Select Application permissions.
Check the Directory.Read.All box under Directory. Select Add permissions.
Select Grant admin consent for <tenant name>.
Click Yes.
3. Obtain the tenant name
Go to the Azure portal, and sign in using your Microsoft account.
Search for and select Microsoft Entra ID.
Go to Manage > Custom domain names.
Click Add filter.
Set Filter to Status and Value to Verified, and then click Apply.
From the listed domains, copy a name of a domain (preferably one that ends with .onmicrosoft.com) as this will be needed when setting up Entra ID in ADAudit Plus.
4. Obtain client ID and client secret
Go to the Azure portal, and sign in using your Microsoft account.
Select the Azure Active Directory service from the Azure services section.
Go to Manage > Certificates & secrets.
Click + New client secret.
Type in the description and the expiration date.
Click Add.
Copy the client secret value (e.g., 14uCILxkHtIVGR3wkCq12341Nd5VtestkkWTyIPrrE=).
Go to Manage > App registrations. Select your application under Owned applications.
Navigate to Application (client ID) and click Copy to clipboard.
5. Setting up Entra ID in ADAudit Plus
Open the ADAudit Plus web console.
Go to Configuration > Configured Server(s) > Cloud Directory.
Select + Add Tenant.
Select Audit via Office 365.
In the Cloud Directory window, enter the Tenant Name, Client ID, and Client Secret.
Validation and Confirmation
Navigate to Reports → Entra ID.
Verify that audit reports are generated for:
User sign-ins
User creation/deletion
Group modifications
Role changes
Perform test activities in Entra ID and confirm they appear in ADAudit Plus reports.
Tips
Periodically rotate Client Secrets for security.
Ensure required API permissions are not removed from the registered app.
Enable alert profiles in ADAudit Plus for critical Entra ID events.
Review Entra ID reports regularly to ensure complete visibility.
Use filters and custom reports to tailor Entra ID auditing as per compliance needs.
Related Topics and Articles
New to ADSelfService Plus?
Related Articles
How to configure Attack Surface Analyzer for Azure in ADAudit Plus
In this article: Objective Prerequisites Steps to follow Validation and confirmation Tips Related topics and articles Objective This article explains how to configure the Attack Surface Analyzer in ADAudit Plus for monitoring and auditing cloud ...How to configure Attack Surface Analyzer for Azure in ADAudit Plus
In this article: Objective Prerequisites Steps to follow Validation and confirmation Tips Related topics and articles Objective This article explains how to configure the Attack Surface Analyzer in ADAudit Plus for monitoring and auditing cloud ...How to detect and get alerted to logins from anonymized IP addresses in Entra ID
In this article: Objective Prerequisites Steps to follow Validation and confirmation Tips Related topics and articles Objective This article guides you through the process of detecting and configuring alerts for login attempts originating from ...Privileges required for ADAudit Plus auditing
In this article: Objective Prerequisites Steps to follow Validation and confirmation Tips Related topics and articles Objective This article outlines the minimum privileges required for ADAudit Plus to audit and start: Active Directory Windows ...How to configure ticketing system integration in ADAudit Plus
In this article: Objective Prerequisites Step-by-step instructions Validation and confirmation Tips Related topics and articles Objective: This article provides step-by-step instructions on integrating a ticketing system with ADAudit Plus. The ...