diff --git a/blog-service/2025-10-17-apps.md b/blog-service/2025-10-17-apps.md new file mode 100644 index 0000000000..81afc3cf38 --- /dev/null +++ b/blog-service/2025-10-17-apps.md @@ -0,0 +1,14 @@ +--- +title: Azure Security - Microsoft Entra ID Protection (Apps) +image: https://help.sumologic.com/img/reuse/rss-image.jpg +keywords: + - apps + - azure + - microsoft + - azure-security-microsoft-entra-id-protection +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +We're excited to introduce the new Sumo Logic app for Azure Security - Microsoft Entra ID Protection. This app enhances identity security across Azure environments by proactively detecting, investigating, and mitigating identity-related risks. This integration helps you safeguard user accounts and credentials, ensuring secure access to critical cloud resources. [Learn more](/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection/). diff --git a/cid-redirects.json b/cid-redirects.json index ee72aee37d..ba16bcabea 100644 --- a/cid-redirects.json +++ b/cid-redirects.json @@ -2950,6 +2950,8 @@ "/cid/1111": "/docs/integrations/microsoft-azure/azure-open-ai", "/cid/1115": "/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-cloud-apps", "/docs/integrations/microsoft-azure/microsoft-defender-for-cloud-apps/": "/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-cloud-apps", + "/cid/1116": "/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection", + "/docs/integrations/microsoft-azure/microsoft-entra-id-protection/": "/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection", "/cid/1113": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/databricks-audit-source/", "/Cloud_SIEM_Enterprise": "/docs/cse", "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration", diff --git a/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection.md b/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection.md new file mode 100644 index 0000000000..63473971c3 --- /dev/null +++ b/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection.md @@ -0,0 +1,196 @@ +--- +id: azure-security-microsoft-entra-id-protection +title: Azure Security - Microsoft Entra ID Protection +sidebar_label: Azure Security - Microsoft Entra ID Protection +description: Learn how to collect alerts from the Azure Security - Microsoft Entra ID Protection platform and send them to Sumo Logic for analysis. +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +Thumbnail icon + +The Azure Security – Microsoft Entra ID Protection application strengthens identity security within Azure environments by proactively detecting, investigating, and mitigating identity-related risks. It helps organizations safeguard user accounts and credentials against potential compromise, ensuring secure access to critical cloud resources + +The Sumo Logic app for Azure Security - Microsoft Entra ID Protection provides interactive dashboards and visual tools. The app supports incident identification, user activity tracking, and access monitoring for sensitive data. These features enable faster response times and more agile decision-making, ultimately helping organizations enhance their overall security posture. By delivering a comprehensive view of cloud app security, the app empowers you to manage threats efficiently and ensures robust protection of critical Azure-based assets. + +## Log Types + +The Azure Security – Microsoft Entra ID Protection uses Sumo Logic’s Microsoft Graph Security source to collect [alerts](https://learn.microsoft.com/en-us/graph/api/security-list-alerts_v2?view=graph-rest-1.0&tabs=http) from the Microsoft Graph Security source. + +### Sample log messages + +
+Alert Log + +```json +{ + "id": "ad702c56f4e096bad6317188657c055326e564fc89de72328c", + "providerAlertId": "efa85202d5d391b6d368c8c985d95a221df17581886575fd8d11666a1d12", + "incidentId": "14", + "status": "new", + "severity": "high", + "classification": "truePositive", + "determination": "malware", + "serviceSource": "azureAdIdentityProtection", + "detectionSource": "automatedInvestigation", + "detectorId": "AnomalousToken", + "tenantId": "3adb963c-8e61-48-a06d-6dbb0dacea39", + "title": "Anomalous Token", + "description": "Anomalous token indicates that there are abnormal characteristics in the token such as token duration and authentication from unfamiliar IP address", + "recommendedActions": "", + "category": "Random", + "assignedTo": null, + "alertWebUrl": "https://566bdd7bcaa08702d6bebe31e2901.serveo.net/alerts/ad702c56f4e096bad66c055326e564fc89de72328c?tid=3adb963c-8e61-48e8-a06d-6dbb0dacea39", + "incidentWebUrl": "https://566ba0ac28702d6bebe31e2901.serveo.net/incidents/14?tid=3adb963c-8e61-48e8-a06d-6dbb0dacea39", + "actorDisplayName": null, + "threatDisplayName": null, + "threatFamilyName": null, + "mitreTechniques": [], + "createdDateTime": "2025-09-18T15:14:17+0530577Z", + "lastUpdateDateTime": "2025-09-18T15:14:17+0530667Z", + "resolvedDateTime": null, + "firstActivityDateTime": "2025-09-18T15:14:17+0530872Z", + "lastActivityDateTime": "2025-09-18T15:14:17+0530872Z", + "comments": [ + { + "@odata.type": "#microsoft.graph.security.alertComment", + "comment": "Not valid", + "createdByDisplayName": "Sam", + "createdDateTime": "2025-09-18T15:14:17+053088Z" + } + ], + "evidence": [ + { + "@odata.type": "#microsoft.graph.security.userEvidence", + "createdDateTime": "2025-09-18T15:14:17+0530333Z", + "verdict": "unknown", + "remediationStatus": "none", + "remediationStatusDetails": null, + "roles": ["compromised"], + "detailedRoles": [], + "tags": [], + "userAccount": { + "accountName": "tseapps", + "domainName": null, + "userSid": "S-1-12-1-175818657-1758188657-589068932-1758188657", + "azureAdUserId": "f5e829f5-4f-4fcf-847a-1c234c1b3b84", + "userPrincipalName": "sam@odata.com", + "displayName": null + } + }, + { + "@odata.type": "#microsoft.graph.security.ipEvidence", + "createdDateTime": "2025-09-18T15:14:17+0530333Z", + "verdict": "compromised", + "remediationStatus": "none", + "remediationStatusDetails": null, + "roles": [], + "detailedRoles": [], + "tags": [], + "ipAddress": "168.119.168.251", + "countryLetterCode": "IN" + } + ] +} +``` +
+ +### Sample queries + +```sql title="Total Alerts" +_sourceCategory=Labs/MicrosoftGraphSecurity +|json"id","status","severity","category","title","description","classification","determination","serviceSource","detectionSource","alertWebUrl" ,"comments[*]","evidence[*]"as alert_id,status,severity,category,title,description,classification,determination,service_source,detection_source,alert_url,comments,evidence_info nodrop + +| where toLowerCase(service_source) = "azureadidentityprotection" + +// global filters +| where if ("*" = "*", true, severity matches "*") +| where if ("*" = "*", true, status matches "*") +| where if ("*" = "*", true, classification matches "*") + +// panel specific +| count by alert_id +| count +``` + +```sql title="High Severity Alerts" +_sourceCategory=Labs/MicrosoftGraphSecurity +|json"id","status","severity","category","title","description","classification","determination","serviceSource","detectionSource" ,"comments[*]","evidence[*]"as alert_id,status,severity,category,title,description,classification,determination,service_source,detection_source,comments,evidence_info nodrop + +| where toLowerCase(service_source) = "azureadidentityprotection" + +// global filters +| where if ("*" = "*", true, severity matches "*") +| where if ("*" = "*", true, status matches "*") +| where if ("*" = "*", true, classification matches "*") + +// panel specific +| where toLowerCase(severity) matches ("*high*") +| count by alert_id +| count +``` + +## Collection configuration and app installation + +:::note +- Skip this step if you have already configured the [Microsoft Graph Security API Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source/). +- Select **Use the existing source and install the app** to install the app using the `sourceCategory` of the Microsoft Graph Security API Source configured above. +::: + +import CollectionConfiguration from '../../reuse/apps/collection-configuration.md'; + + + +:::important +Use the [Cloud-to-Cloud Integration for Microsoft Graph Security API](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source/) to create the source and use the same source category while installing the app. By following these steps, you can ensure that your Azure Security - Microsoft Entra ID Protection is properly integrated and configured to collect and analyze your Azure Security - Microsoft Entra ID Protection data. +::: + +### Create a new collector and install the app + +import AppCollectionOPtion1 from '../../reuse/apps/app-collection-option-1.md'; + + + +### Use an existing collector and install the app + +import AppCollectionOPtion2 from '../../reuse/apps/app-collection-option-2.md'; + + + +### Use an existing source and install the app + +import AppCollectionOPtion3 from '../../reuse/apps/app-collection-option-3.md'; + + + +## Viewing the Azure Security - Microsoft Entra ID Protection dashboards + +import ViewDashboards from '../../reuse/apps/view-dashboards.md'; + + + +### Overview + +The **Azure Security - Microsoft Entra ID Protection - Overview** dashboard provides a comprehensive view of identity-related security risks and anomalies detected across Azure environments. It enables analysts to monitor risky sign-ins, user risk levels, and identity protection trends, ensuring timely detection and mitigation of potential account compromises. + +With features like geo-location mapping and top user alerts, the dashboard supports regional risk assessment and detection of insider threats. By combining real-time insights with historical trends, it enhances situational awareness and strengthens incident response strategies. +
Azure Security - Microsoft Entra ID Protection - Overview + +### Security + +The **Azure Security - Microsoft Entra ID Protection - Security** dashboard provides a comprehensive overview of identity-related threats within the organization, enabling teams to pinpoint where identity risks are concentrated and how they evolve over time. Visual trend panels display fluctuations in user and sign-in risk levels, helping analysts assess whether identity-based attacks are increasing and prioritize mitigation accordingly. + +Key insights include compromised user accounts, frequently attacked devices, and countries linked to malicious IPs, enabling targeted defense strategies. By combining trend analysis with threat origins and user risk data, the dashboard empowers proactive threat response and strengthens overall security posture. +
Azure Security - Microsoft Entra ID Protection - Security + +## Upgrade/Downgrade the Azure Security - Microsoft Entra ID Protection app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the Azure Security - Microsoft Entra ID Protection app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + diff --git a/docs/integrations/microsoft-azure/index.md b/docs/integrations/microsoft-azure/index.md index 6aad870b52..6c8961a43f 100644 --- a/docs/integrations/microsoft-azure/index.md +++ b/docs/integrations/microsoft-azure/index.md @@ -307,6 +307,12 @@ This guide has documentation for all of the apps that Sumo Logic provides for Mi

Learn about the Sumo Logic collection process for the Azure Security - Microsoft Defender for Office 365

+
+
+ thumbnail icon

Azure Security - Microsoft Entra ID Protection

 +

Learn about the Sumo Logic collection process for the Azure Security - Microsoft Entra ID Protection.

+
+
Thumbnail icon diff --git a/docs/integrations/microsoft-azure/microsoft-entra-id-protection.md b/docs/integrations/microsoft-azure/microsoft-entra-id-protection.md deleted file mode 100644 index 76ce618163..0000000000 --- a/docs/integrations/microsoft-azure/microsoft-entra-id-protection.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -id: microsoft-entra-id-protection -title: Microsoft Entra ID Protection -sidebar_label: Microsoft Entra ID Protection -description: The Sumo Logic App for Microsoft Entra ID Protection outlines the steps required to collect and analyze the alert data from the Azure security platform to the Sumo Logic platform. ---- - -import useBaseUrl from '@docusaurus/useBaseUrl'; - -Thumbnail icon - -Microsoft Entra ID Protection is a cloud-based identity security solution that helps you detect, investigate, and remediate identity-based risks in real time. It is a key component of the Microsoft Entra suite, which focuses on securing access to applications and data across cloud and on-premises environments. - -This document outlines the steps required to collect and analyse the [Microsoft Entra ID Protection](https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection) alerts in the Sumo Logic platform. - -## Set up collection - -:::note -Skip this step if you have already configured the Microsoft Graph Security API Source. -::: - -Use the [Cloud-to-Cloud Integration for Microsoft Graph Security API](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source/) to ingest security alerts data from the Microsoft Entra ID Protection to the Sumo Logic platform. - -## Search alerts - -Use the following query to retrieve alerts generated by the Microsoft Entra ID Protection. - -```sql -_sourcecategory=Labs/MicrosoftGraphSecurity -| json field=_raw "serviceSource" as service_source -| where service_source = "azureAdIdentityProtection" -``` - -## Analyse alerts - -Use the following query to extract detailed insights from the alert data: - -```sql -_sourceCategory=Labs/MicrosoftGraphSecurity -|json"id","status","severity","category","title","description","classification","determination","serviceSource","detectionSource","alertWebUrl" ,"comments[*]","evidence[*]"as alert_id,status,severity,category,title,description,classification,determination,service_source,detection_source,alert_url,comments,evidence_info nodrop -| where service_source = "azureAdIdentityProtection" -| where severity matches "*" and status matches "*" and classification matches "*" -| if(isNull(category),"-",category) as category -| if(isNull(classification),"-",classification) as classification -| if(isNull(determination),"-",determination) as determination -| count by _messageTime,status,severity,category,title,description,classification,determination,alert_url,alert_id -| formatDate(toLong(_messageTime), "dd-MM-yyyy HH:mm:ss") as time -| tourl (alert_url,alert_id) as alert_id -| fields time,alert_id,title,description,alert_url,status,severity,category,classification,determination -| fields -_messageTime -| sort by time -``` \ No newline at end of file diff --git a/docs/integrations/product-list/product-list-a-l.md b/docs/integrations/product-list/product-list-a-l.md index 0338850540..fe393d7fdf 100644 --- a/docs/integrations/product-list/product-list-a-l.md +++ b/docs/integrations/product-list/product-list-a-l.md @@ -119,7 +119,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [ | Thumbnail icon | [AWS Simple Notification Service](https://aws.amazon.com/sns/) | Automation integration: [AWS Simple Notification Service](/docs/platform-services/automation-service/app-central/integrations/aws-simple-notification-service/) | | Thumbnail icon | [AWS WAF](https://aws.amazon.com/waf/) | Apps:
- [AWS WAF](/docs/integrations/amazon-aws/waf/)
- [AWS WAF Cloud Security Monitoring and Analytics](/docs/integrations/cloud-security-monitoring-analytics/aws-waf/)
Automation integration: [AWS WAF](/docs/platform-services/automation-service/app-central/integrations/aws-waf/)
Cloud SIEM integration: [Amazon AWS - Web Application Firewall (WAF)](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/products/072b85a2-1765-45c2-911d-b0509880326e.md) | | Thumbnail icon | [Axonius](https://www.axonius.com/) | Automation integration: [Axonius](/docs/platform-services/automation-service/app-central/integrations/axonius/) | -| Thumbnail icon | [Azure](https://azure.microsoft.com/en-us) | Apps:
- [Azure Analysis Services](/docs/integrations/microsoft-azure/azure-analysis-services/)
- [Azure API Management](/docs/integrations/microsoft-azure/azure-api-management/)
- [Azure App Configuration](/docs/integrations/microsoft-azure/azure-app-configuration/)
- [Azure Application Gateway](/docs/integrations/microsoft-azure/azure-application-gateway/)
- [Azure App Service Environment](/docs/integrations/microsoft-azure/azure-app-service-environment/)
- [Azure App Service Plan](/docs/integrations/microsoft-azure/azure-app-service-plan/)
- [Azure Audit](/docs/integrations/microsoft-azure/audit/)
- [Azure Automation](/docs/integrations/microsoft-azure/azure-automation/)
- [Azure Backup](/docs/integrations/microsoft-azure/azure-backup/)
- [Azure Batch](/docs/integrations/microsoft-azure/azure-batch/)
- [Azure Cache for Redis](/docs/integrations/microsoft-azure/azure-cache-for-redis/)
- [Azure Cognitive Search](/docs/integrations/microsoft-azure/azure-cognitive-search/)
- [Azure Container Instances](/docs/integrations/microsoft-azure/azure-container-instances/)
- [Azure Cosmos DB](/docs/integrations/microsoft-azure/azure-cosmos-db/)
- [Azure Cosmos DB for PostgreSQL](/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql/)
- [Azure Data Explorer](/docs/integrations/microsoft-azure/azure-data-explorer/)
- [Azure Data Factory](/docs/integrations/microsoft-azure/azure-data-factory/)
- [Azure Database for MariaDB](/docs/integrations/microsoft-azure/azure-database-for-mariadb/)
- [Azure Database for MySQL](/docs/integrations/microsoft-azure/azure-database-for-mysql/)
- [Azure Database for PostgreSQL](/docs/integrations/microsoft-azure/azure-database-for-postgresql/)
- [Azure Event Grid](/docs/integrations/microsoft-azure/azure-event-grid/)
- [Azure Event Hubs](/docs/integrations/microsoft-azure/azure-event-hubs/)
- [Azure Front Door](/docs/integrations/microsoft-azure/azure-front-door/)
- [Azure Functions](/docs/integrations/microsoft-azure/azure-functions/)
- [Azure HDInsight](/docs/integrations/microsoft-azure/azure-hdinsight/)
- [Azure IoT Hub](/docs/integrations/microsoft-azure/azure-iot-hub/)
- [Azure Key Vault](/docs/integrations/microsoft-azure/azure-key-vault/)
- [Azure Kubernetes Service (AKS) - Control Plane](/docs/integrations/microsoft-azure/kubernetes/)
- [Azure Load Balancer](/docs/integrations/microsoft-azure/azure-load-balancer/)
- [Azure Logic App](/docs/integrations/microsoft-azure/azure-logic-app/)
- [Azure Machine Learning](/docs/integrations/microsoft-azure/azure-machine-learning/)
- [Azure Monitor Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source)
- [Azure Monitor Metrics](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/)
- [Azure Monitoring](/docs/send-data/collect-from-other-data-sources/azure-monitoring/)
- [Azure Network Interface](/docs/integrations/microsoft-azure/azure-network-interface/)
- [Azure Network Watcher](/docs/integrations/microsoft-azure/network-watcher/)
- [Azure Notification Hubs](/docs/integrations/microsoft-azure/azure-notification-hubs/)
- [Azure OpenAI](/docs/integrations/microsoft-azure/azure-open-ai/)
- [Azure Public IP Addresses](/docs/integrations/microsoft-azure/azure-public-ipAddress/)
- [Azure Relay](/docs/integrations/microsoft-azure/azure-relay/)
- [Azure Security -Advisor](/docs/integrations/microsoft-azure/azure-security-advisor/)
- [Azure Security - Defender for Cloud](/docs/integrations/microsoft-azure/azure-security-defender-for-cloud/)
- [Azure Security - Microsoft Defender for Cloud Apps](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-cloud-apps/)
- [Azure Security - Microsoft Defender for Endpoint](/docs/integrations/microsoft-azure/microsoft-defender-for-endpoint/)
- [Azure Security - Microsoft Defender for Identity](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-identity)
- [Azure Security - Microsoft Defender for Office 365](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365)
- [Azure Service Bus](/docs/integrations/microsoft-azure/azure-service-bus/)
- [Azure SQL](/docs/integrations/microsoft-azure/sql/)
- [Azure SQL Elastic Pool](/docs/integrations/microsoft-azure/azure-sql-elastic-pool/)
- [Azure SQL Managed Instance](/docs/integrations/microsoft-azure/azure-sql-managed-instance/)
- [Azure Storage](/docs/integrations/microsoft-azure/azure-storage/)
- [Azure Stream Analytics](/docs/integrations/microsoft-azure/azure-stream-analytics/)
- [Azure Synapse Analytics](/docs/integrations/microsoft-azure/azure-synapse-analytics/)
- [Azure Virtual Network](/docs/integrations/microsoft-azure/azure-virtual-network/)
- [Azure Virtual Machine](/docs/integrations/microsoft-azure/azure-virtual-machine/)
- [Azure Web Apps](/docs/integrations/microsoft-azure/web-apps/)
Automation integration: [Azure AD](/docs/platform-services/automation-service/app-central/integrations/azure-ad/)
Collectors:
- [Azure Blob Storage](/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs)
- [Azure Event Hubs Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/)
- [Migrating to Azure Event Hubs Cloud-to-Cloud Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration)
Webhook: [Webhook Connection for Microsoft Azure Functions](/docs/alerts/webhook-connections/microsoft-azure-functions/) | +| Thumbnail icon | [Azure](https://azure.microsoft.com/en-us) | Apps:
- [Azure Analysis Services](/docs/integrations/microsoft-azure/azure-analysis-services/)
- [Azure API Management](/docs/integrations/microsoft-azure/azure-api-management/)
- [Azure App Configuration](/docs/integrations/microsoft-azure/azure-app-configuration/)
- [Azure Application Gateway](/docs/integrations/microsoft-azure/azure-application-gateway/)
- [Azure App Service Environment](/docs/integrations/microsoft-azure/azure-app-service-environment/)
- [Azure App Service Plan](/docs/integrations/microsoft-azure/azure-app-service-plan/)
- [Azure Audit](/docs/integrations/microsoft-azure/audit/)
- [Azure Automation](/docs/integrations/microsoft-azure/azure-automation/)
- [Azure Backup](/docs/integrations/microsoft-azure/azure-backup/)
- [Azure Batch](/docs/integrations/microsoft-azure/azure-batch/)
- [Azure Cache for Redis](/docs/integrations/microsoft-azure/azure-cache-for-redis/)
- [Azure Cognitive Search](/docs/integrations/microsoft-azure/azure-cognitive-search/)
- [Azure Container Instances](/docs/integrations/microsoft-azure/azure-container-instances/)
- [Azure Cosmos DB](/docs/integrations/microsoft-azure/azure-cosmos-db/)
- [Azure Cosmos DB for PostgreSQL](/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql/)
- [Azure Data Explorer](/docs/integrations/microsoft-azure/azure-data-explorer/)
- [Azure Data Factory](/docs/integrations/microsoft-azure/azure-data-factory/)
- [Azure Database for MariaDB](/docs/integrations/microsoft-azure/azure-database-for-mariadb/)
- [Azure Database for MySQL](/docs/integrations/microsoft-azure/azure-database-for-mysql/)
- [Azure Database for PostgreSQL](/docs/integrations/microsoft-azure/azure-database-for-postgresql/)
- [Azure Event Grid](/docs/integrations/microsoft-azure/azure-event-grid/)
- [Azure Event Hubs](/docs/integrations/microsoft-azure/azure-event-hubs/)
- [Azure Front Door](/docs/integrations/microsoft-azure/azure-front-door/)
- [Azure Functions](/docs/integrations/microsoft-azure/azure-functions/)
- [Azure HDInsight](/docs/integrations/microsoft-azure/azure-hdinsight/)
- [Azure IoT Hub](/docs/integrations/microsoft-azure/azure-iot-hub/)
- [Azure Key Vault](/docs/integrations/microsoft-azure/azure-key-vault/)
- [Azure Kubernetes Service (AKS) - Control Plane](/docs/integrations/microsoft-azure/kubernetes/)
- [Azure Load Balancer](/docs/integrations/microsoft-azure/azure-load-balancer/)
- [Azure Logic App](/docs/integrations/microsoft-azure/azure-logic-app/)
- [Azure Machine Learning](/docs/integrations/microsoft-azure/azure-machine-learning/)
- [Azure Monitor Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source)
- [Azure Monitor Metrics](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/)
- [Azure Monitoring](/docs/send-data/collect-from-other-data-sources/azure-monitoring/)
- [Azure Network Interface](/docs/integrations/microsoft-azure/azure-network-interface/)
- [Azure Network Watcher](/docs/integrations/microsoft-azure/network-watcher/)
- [Azure Notification Hubs](/docs/integrations/microsoft-azure/azure-notification-hubs/)
- [Azure OpenAI](/docs/integrations/microsoft-azure/azure-open-ai/)
- [Azure Public IP Addresses](/docs/integrations/microsoft-azure/azure-public-ipAddress/)
- [Azure Relay](/docs/integrations/microsoft-azure/azure-relay/)
- [Azure Security -Advisor](/docs/integrations/microsoft-azure/azure-security-advisor/)
- [Azure Security - Defender for Cloud](/docs/integrations/microsoft-azure/azure-security-defender-for-cloud/)
- [Azure Security - Microsoft Defender for Cloud Apps](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-cloud-apps/)
- [Azure Security - Microsoft Defender for Endpoint](/docs/integrations/microsoft-azure/microsoft-defender-for-endpoint/)
- [Azure Security - Microsoft Defender for Identity](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-identity)
- [Azure Security - Microsoft Defender for Office 365](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365)
- [Azure Security - Microsoft Entra ID Protection](/docs/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection/)
- [Azure Service Bus](/docs/integrations/microsoft-azure/azure-service-bus/)
- [Azure SQL](/docs/integrations/microsoft-azure/sql/)
- [Azure SQL Elastic Pool](/docs/integrations/microsoft-azure/azure-sql-elastic-pool/)
- [Azure SQL Managed Instance](/docs/integrations/microsoft-azure/azure-sql-managed-instance/)
- [Azure Storage](/docs/integrations/microsoft-azure/azure-storage/)
- [Azure Stream Analytics](/docs/integrations/microsoft-azure/azure-stream-analytics/)
- [Azure Synapse Analytics](/docs/integrations/microsoft-azure/azure-synapse-analytics/)
- [Azure Virtual Network](/docs/integrations/microsoft-azure/azure-virtual-network/)
- [Azure Virtual Machine](/docs/integrations/microsoft-azure/azure-virtual-machine/)
- [Azure Web Apps](/docs/integrations/microsoft-azure/web-apps/)
Automation integration: [Azure AD](/docs/platform-services/automation-service/app-central/integrations/azure-ad/)
Collectors:
- [Azure Blob Storage](/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs)
- [Azure Event Hubs Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source/)
- [Migrating to Azure Event Hubs Cloud-to-Cloud Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/azure-event-hubs-source-migration)
Webhook: [Webhook Connection for Microsoft Azure Functions](/docs/alerts/webhook-connections/microsoft-azure-functions/) | ## B diff --git a/sidebars.ts b/sidebars.ts index abf4bce0af..3e4a956d67 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -2248,9 +2248,9 @@ integrations: [ 'integrations/microsoft-azure/azure-security-microsoft-defender-for-cloud-apps', 'integrations/microsoft-azure/azure-security-microsoft-defender-for-identity', 'integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365', + 'integrations/microsoft-azure/azure-security-microsoft-entra-id-protection', 'integrations/microsoft-azure/microsoft-defender-for-endpoint', 'integrations/microsoft-azure/microsoft-dynamics365-customer-insights', - 'integrations/microsoft-azure/microsoft-entra-id-protection', 'integrations/microsoft-azure/microsoft-purview-data-loss-prevention', 'integrations/microsoft-azure/network-watcher', 'integrations/microsoft-azure/sql', diff --git a/static/img/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection.png b/static/img/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection.png new file mode 100644 index 0000000000..5e15781e5b Binary files /dev/null and b/static/img/integrations/microsoft-azure/azure-security-microsoft-entra-id-protection.png differ