# Azure Activities Azure Activities are the subscription-level resource events generated by Microsoft Azure, covering provisioning changes, role assignments, policy updates, and other administrative actions. Enabling the **Azure Activities** data feed on your existing Microsoft O365 connector forwards these events to Radiant Security. For background on Azure activity logging, see [Azure activity log](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log) in the Microsoft documentation. The Microsoft O365 connector already holds the **Application (client) ID**, **Directory (tenant) ID**, and **Client Secret Value** from initial onboarding. This article walks through the additional Azure-side configuration required for Azure Activities and the **Subscription IDs** you provide to Radiant when enabling the data feed. ### Prerequisites * [ ] Admin access to Azure * [ ] An existing [Microsoft O365](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/microsoft-o365) connector in Radiant Security ### Register the application in Microsoft Entra ID 1. Sign in to the [Microsoft Azure Portal](https://portal.azure.com/#home). 2. From the left side menu, navigate to **Microsoft Entra ID**. 3. From the left menu, navigate to **App Registrations**. 4. Click **+ New Registration**.

5. Set the application **Name** to `radiantsecurity-connector` and leave all default settings unchanged.

6. Click **Register** to save the changes. 7. On the newly registered application page, copy the following values: * **Application (client) ID** * **Directory (tenant) ID**

8. On the same page, click the link for **Add a certificate or secret**.

9. In the **Certificates & secrets** pane, click **+ New client secret**. 10. Set the client secret as follows: * **Description**: `Radiant Security Connector` * **Expires**: `12 months`

11. Click **Add**. 12. On the client secrets page that opens, copy the **Value** (not the **Secret ID** field).

{% hint style="warning" %} Copy the **Client Secret Value** now. It cannot be retrieved later. {% endhint %} ### Grant API permissions to the registered application 1. On the left sidebar menu, click **API Permissions**. 2. Click **+ Add a permission**. 3. From the pop-out menu, select **Azure Service Management**.

4. Select the **user\_impersonation** permission.

5. Click **Add permissions**. ### Assign the Reader role for each subscription Each Azure subscription that should be monitored requires its own Reader role assignment for the registered application. Repeat the steps below for each subscription. 1. Open the **Subscriptions** page and select the subscription to configure.

2. From the left menu, click **Access control (IAM)**. 3. Click **+ Add**, then select **Add role assignment**.

4. On the **Role** page, search for and select **Reader**. Click **Next**.

5. On the **Members** page, click **+ Select members** and search for `radiantsecurity-connector`.

6. Select the application, then click **Select** at the bottom of the pane. 7. Click **Next**, then click **Review + Assign** to confirm the role. ### Enable the Azure Activities data feed in Radiant Security 1. Sign in to [Radiant Security](https://app.radiantsecurity.ai/). 2. From the navigation menu, click **Settings** > **Data Connectors**. 3. Click **View Details** on the Microsoft O365 data connector. 4. Under **Optional - Azure subscription IDs (comma separated)**, enter each subscription ID from your Azure Reader role assignments, separated by commas with no spaces after the commas. 5. Locate the row for the **Azure Activities** data feed under your existing **Microsoft O365** connector. 6. On the right side of the row, click **Enable**.

### Verify ingestion After Azure Activities begins forwarding, confirm events are reaching Radiant. 1. In Radiant, navigate to [Log Management](https://app.radiantsecurity.ai/logs). 2. Filter by `rs_connectorType:"ms365_azure_activity"`. 3. Confirm recent events appear. {% hint style="info" %} Allow several minutes for events to be parsed, indexed, and available for search. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/azure-activities.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.