licensing – Blue Lance https://bluelance.com Wed, 03 Jun 2026 17:45:11 +0000 en-US hourly 1 https://wordpress.org/?v=7.0 https://bluelance.com/wp-content/uploads/2025/11/fevicon-ic-1.png licensing – Blue Lance https://bluelance.com 32 32 Prerequisites for Azure Log Connector https://bluelance.com/docs/prerequisites-for-azurelogconnector/ Thu, 28 May 2026 16:23:10 +0000 https://bluelance.com/?post_type=docs&p=15895 Prerequisites for Azure Log Connector

Before installing and configuring Azure Log Connector, several prerequisites must be in place in both your Microsoft Azure environment and your LT Auditor MP deployment. This article covers everything that needs to be confirmed or prepared before proceeding with installation.

LT Auditor MP prerequisites:

RequirementDetails
LT Auditor MP ServerMust be installed and running
Network Access — InboundLT Auditor MP syslog listener must be active on the configured port (default: 5050)
Download Packagelta-mp-azurelogcollector.zip obtained from your administrator or Blue Lance

[Your administrator should confirm the exact download location for the Azure Log Connector package in your environment.]

Server requirements:

The machine where Azure Log Connector will be installed must meet the following requirements:

RequirementDetails
Operating SystemWindows Server 2019 or newer
Internet ConnectivityOutbound HTTPS access to Microsoft Graph and Office 365 Management APIs
Administrative AccessLocal administrator privileges required for installation and configuration
Network Access — OutboundMust be able to reach the LT Auditor MP syslog listener on the configured port (default: 5050)
Azure Portal AccessAccess to the Azure Portal to create and configure the App Registration

Required outbound network access:

Azure Log Connector requires outbound HTTPS access to the following Microsoft API endpoints. Confirm these are not blocked by your firewall or proxy:

EndpointPurpose
https://graph.microsoft.comMicrosoft Graph API — Entra ID sign-in logs, audit logs, identity protection events
https://manage.office.comOffice 365 Management API — SharePoint Online and OneDrive activity logs
https://login.microsoftonline.comMicrosoft identity platform — authentication for the App Registration

Test connectivity from the Azure Log Connector server to each endpoint:

Test-NetConnection -ComputerName graph.microsoft.com -Port 443

Test-NetConnection -ComputerName manage.office.com -Port 443

Test-NetConnection -ComputerName login.microsoftonline.com -Port 443

All three should return a successful result. If any connection fails, work with your network team to allow outbound HTTPS traffic to those endpoints.

[Your administrator should confirm whether outbound internet access from the installation server requires proxy configuration, and if so, ensure the proxy settings are configured before proceeding.]

Microsoft Entra ID prerequisites:

RequirementDetails
Active Entra ID TenantAn active Microsoft Entra ID (Azure AD) tenant
Azure Portal AccessGlobal Administrator or Application Administrator privileges to create App Registrations
App RegistrationA dedicated App Registration created for Azure Log Connector
API PermissionsMicrosoft Graph and Office 365 Management API permissions granted with admin consent
Client SecretA client secret generated for the App Registration

Required API permissions:

The App Registration used by Azure Log Connector requires the following permissions. All permissions are Application type — not Delegated — as Azure Log Connector runs as a background service without a signed-in user. All permissions require Admin Consent from a Global Administrator.

Microsoft Graph — Application Permissions:

PermissionPurpose
AuditLog.Read.AllRead Entra ID audit logs and sign-in logs
Directory.Read.AllRead directory objects including users, groups, and roles
Application.Read.AllRead application registrations and service principals
Domain.Read.AllRead domain information
Files.Read.AllRead files across the organization
GroupMember.Read.AllRead group memberships
IdentityProvider.Read.AllRead identity provider configurations
IdentityRiskyServicePrincipal.Read.AllRead risky service principal detections
IdentityRiskyUser.Read.AllRead risky user detections
Policy.Read.AllRead conditional access and other policies
RoleManagementAlert.Read.DirectoryRead role management alerts
User.Export.AllExport user data
User.Read.AllRead user profiles
UserAuthenticationMethod.Read.AllRead user authentication methods including MFA

Office 365 Management APIs — Application Permissions:

PermissionPurpose
ActivityFeed.ReadRead SharePoint Online and OneDrive activity logs

This is a significantly broader set of permissions than the previous EntraConnector module required, reflecting the expanded scope of Azure Log Connector across both Entra ID and Microsoft 365. All permissions require Admin Consent before they become active.

Microsoft 365 license requirements:

Access to certain log categories requires appropriate Microsoft licensing. Confirm the following with your Microsoft licensing administrator:

Log CategoryMinimum License Required
Entra ID Audit LogsMicrosoft Entra ID Free
Sign-In LogsMicrosoft Entra ID P1 or P2
Risky Sign-Ins & Identity ProtectionMicrosoft Entra ID P2
SharePoint Online Activity LogsMicrosoft 365 Business Standard or above
OneDrive Activity LogsMicrosoft 365 Business Standard or above
Conditional Access ActivityMicrosoft Entra ID P1 or P2

[Your administrator should confirm your organization’s current Microsoft 365 and Entra ID license tiers and which log categories are available before configuring Azure Log Connector.]

Roles required for setup:

TaskRequired Role
Create the App RegistrationGlobal Administrator or Application Administrator
Grant Admin Consent for API permissionsGlobal Administrator
Install Azure Log ConnectorLocal Administrator on the installation server
Configure Azure Log Connector in LT Auditor MPLT Auditor MP Administrator

[Your administrator should coordinate with your Azure or Microsoft 365 administrator to complete the App Registration steps if they do not have access to the Azure Portal.]

Information to gather before installation:

Before proceeding to the App Registration and installation steps, gather the following. You will need all of these values during configuration:

ItemWhere to Find ItNotes
Tenant IDAzure Portal → Microsoft Entra ID → OverviewAlso called Directory ID
Client IDAzure Portal → App Registrations → your app → OverviewAlso called Application ID
Client SecretAzure Portal → App Registrations → your app → Certificates & SecretsCopy immediately — only shown once
LT Auditor MP Server IP or HostnameYour LT Auditor MP installationNeeded during configuration
Syslog PortLT Auditor MP
Configure → Transformation Rules		Default: 5050
Syslog ProtocolLT Auditor MP
Configure → Transformation Rules		UDP, TCP, or TLS

The Client Secret value is only displayed once at the time of creation. Copy it immediately and store it securely. If the secret is lost, a new one must be generated.

Prerequisites checklist:

Before proceeding to the next article, confirm all of the following:

  • [ ] Installation server meets Windows Server 2019 or newer requirement
  • [ ] Outbound HTTPS access confirmed to all three Microsoft API endpoints
  • [ ] LT Auditor MP server is installed and running
  • [ ] LT Auditor MP syslog listener is active on the configured port
  • [ ] Azure Portal access with appropriate privileges is available
  • [ ] Microsoft 365 and Entra ID license tiers confirmed
  • [ ] Tenant ID, Client ID, and Client Secret are ready to hand
  • [ ] LT Auditor MP syslog port and protocol are confirmed

[Your administrator should complete this checklist before proceeding to the Registering the App in Microsoft Entra ID article to avoid interruptions during setup.]

]]>