# Azure Activities In this guide, you will set up Azure Activity to forward subscription-level events to Radiant. These events are used to facilitate threat detection and incident response by enabling correlation with other security solutions. At the end of this configuration, you will provide Radiant with the following values: * **Application (client) ID** * **Directory (tenant) ID** * **Client Secret Value** * **Subscription ID (One for each subscription)** ### Prerequisites * [ ] Admin access in your Azure tenant. ### Register the application with Azure AD In this step, you'll register a new application with Azure AD. The application will pull user and group data on a semi-regular basis. {% hint style="info" %} **Note**: Make sure to save the **Application (client) ID** and **Directory (tenant) ID** values. You will need to provide them to Radiant Security at the end of the configuration. {% endhint %} 1. Log in to the [Microsoft Azure Portal](https://portal.azure.com/#home). 2. From the left side menu, navigate to **Microsoft Entra ID**. 3. From the left menu, navigate to **App Registrations**. 4. Click **+** **New Registration**.\

5. Update the application **Name** to `radiantsecurity-connector` and leave all default settings unchanged.\

6. Click **Register** to save the changes. 7. On the newly registered application page, copy the following values: * **Application (client) ID** * **Directory (tenant) ID**

8. On the same page, click the link for **Add a certificate or secret**.

9. In the **Add a client** window, click **+ New Client Secret**. 10. Set the client secret as: * **Description**: `Radiant Security Connector` * **Expires**: `12 months`

11. Click **Add**. 12. The client secrets page will automatically open. 13. Copy the **Value** (*not* the **Secret ID** field).\

{% hint style="warning" %} **Important note:** Ensure you copy the **Client secret** value now as you won't be able to look it up again later. You will need to provide it to Radiant Security at the end of the configuration. {% endhint %} ### Grant the newly registered application the appropriate permissions 1. On the left sidebar menu, click **API Permissions.** 2. Click + **Add a permission**. 3. From the pop-out menu, select **Azure Service Management**.

4. Select the permission **user\_impersonation.**\

5. Click the **Add Permission** button. The pop-out menu should now retreat and the selected permission should appear on the **Configured permissions** list. ### Assign Reader Role for each subscription Radiant allow for each subscription to be monitored independently. So, you can repeat these steps for each desired subscription. 1. Access the **Subscriptions** page and select the desired subscription.

2. From the left menu, click **Access control (IAM)**. 3. Click **+ Add** and select **Add role assignment.**

4. On the **Role** page, in the search bar, search for and select **Reader**. Click **Next**.

5. On the **Members** page, click **+ Select members** and search for **\**.

5. Click on the application and click **Select** on the bottom of the page. 6. Click **Next** and **Review + Assign** to confirm the role. 7. Repeat steps 1 to 7 for each subscription. {% hint style="warning" %} **Important note:** If you already have the **Microsoft O365** connector enabled, skip the next step and go straight to [Enable the Azure Activities data feed](#enable-the-azure-activities-data-feed). {% endhint %} ### Add the data connector in Radiant Security 1. Log in to [Radiant Security](https://app.radiantsecurity.ai/). 2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**. 3. Search for and select the **Microsoft O365** option and then click **Data Feeds**. 4. Select the **Azure Activities** data feed. 5. Add the following values you saved from the previous steps: * Application (client) ID * Directory (tenant) ID * Client Secret Value * Subscription IDs (separated by commas, with no spaces after the commas) 6. Click **Add Connector** to save the connector configuration. ### Enable the Azure Activities data feed 1. Log in to [Radiant Security](https://app.radiantsecurity.ai/). 2. From the navigation menu, click **Settings** > **Data Connectors** and find the Microsoft O365 connectors. 3. Scroll down until you can see the **Disabled** data feeds. 4. Hover your cursor over the **Azure Activities** data feed and click the **Enable** button on the right side.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/azure-activities.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.