Integrate Azure Active Directory logs with SumoLogic using Azure Monitor

In this article, you learn how to integrate Azure Active Directory (Azure AD) logs with SumoLogic using Azure Monitor. You first route the logs to an Azure event hub, and then you integrate the event hub with SumoLogic.

Prerequisites

To use this feature, you need:

• An Azure event hub that contains Azure AD activity logs. Learn how to stream your activity logs to an event hub.
• A SumoLogic single sign-on enabled subscription.

Steps to integrate Azure AD logs with SumoLogic

1. First, stream the Azure AD logs to an Azure event hub.

2. Configure your SumoLogic instance to collect logs for Azure Active Directory.

3. Install the Azure AD SumoLogic app to use the pre-configured dashboards that provide real-time analysis of your environment.

   

Next steps

• Interpret audit logs schema in Azure Monitor
• Interpret sign-in logs schema in Azure Monitor
• Frequently asked questions and known issues