Prerequisites for Azure Log Connector #
Before installing and configuring Azure Log Connector, several prerequisites must be in place in both your Microsoft Azure environment and your LT Auditor MP deployment. This article covers everything that needs to be confirmed or prepared before proceeding with installation.
LT Auditor MP prerequisites:
| Requirement | Details |
| LT Auditor MP Server | Must be installed and running |
| Network Access โ Inbound | LT Auditor MP syslog listener must be active on the configured port (default: 5050) |
| Download Package | lta-mp-azurelogcollector.zip obtained from your administrator or Blue Lance |
[Your administrator should confirm the exact download location for the Azure Log Connector package in your environment.]
Server requirements:
The machine where Azure Log Connector will be installed must meet the following requirements:
| Requirement | Details |
| Operating System | Windows Server 2019 or newer |
| Internet Connectivity | Outbound HTTPS access to Microsoft Graph and Office 365 Management APIs |
| Administrative Access | Local administrator privileges required for installation and configuration |
| Network Access โ Outbound | Must be able to reach the LT Auditor MP syslog listener on the configured port (default: 5050) |
| Azure Portal Access | Access to the Azure Portal to create and configure the App Registration |
Required outbound network access:
Azure Log Connector requires outbound HTTPS access to the following Microsoft API endpoints. Confirm these are not blocked by your firewall or proxy:
| Endpoint | Purpose |
| https://graph.microsoft.com | Microsoft Graph API โ Entra ID sign-in logs, audit logs, identity protection events |
| https://manage.office.com | Office 365 Management API โ SharePoint Online and OneDrive activity logs |
| https://login.microsoftonline.com | Microsoft identity platform โ authentication for the App Registration |
Test connectivity from the Azure Log Connector server to each endpoint:
Test-NetConnection -ComputerName graph.microsoft.com -Port 443
Test-NetConnection -ComputerName manage.office.com -Port 443
Test-NetConnection -ComputerName login.microsoftonline.com -Port 443
All three should return a successful result. If any connection fails, work with your network team to allow outbound HTTPS traffic to those endpoints.
[Your administrator should confirm whether outbound internet access from the installation server requires proxy configuration, and if so, ensure the proxy settings are configured before proceeding.]
Microsoft Entra ID prerequisites:
| Requirement | Details |
| Active Entra ID Tenant | An active Microsoft Entra ID (Azure AD) tenant |
| Azure Portal Access | Global Administrator or Application Administrator privileges to create App Registrations |
| App Registration | A dedicated App Registration created for Azure Log Connector |
| API Permissions | Microsoft Graph and Office 365 Management API permissions granted with admin consent |
| Client Secret | A client secret generated for the App Registration |
Required API permissions:
The App Registration used by Azure Log Connector requires the following permissions. All permissions are Application type โ not Delegated โ as Azure Log Connector runs as a background service without a signed-in user. All permissions require Admin Consent from a Global Administrator.
Microsoft Graph โ Application Permissions:
| Permission | Purpose |
| AuditLog.Read.All | Read Entra ID audit logs and sign-in logs |
| Directory.Read.All | Read directory objects including users, groups, and roles |
| Application.Read.All | Read application registrations and service principals |
| Domain.Read.All | Read domain information |
| Files.Read.All | Read files across the organization |
| GroupMember.Read.All | Read group memberships |
| IdentityProvider.Read.All | Read identity provider configurations |
| IdentityRiskyServicePrincipal.Read.All | Read risky service principal detections |
| IdentityRiskyUser.Read.All | Read risky user detections |
| Policy.Read.All | Read conditional access and other policies |
| RoleManagementAlert.Read.Directory | Read role management alerts |
| User.Export.All | Export user data |
| User.Read.All | Read user profiles |
| UserAuthenticationMethod.Read.All | Read user authentication methods including MFA |
Office 365 Management APIs โ Application Permissions:
| Permission | Purpose |
| ActivityFeed.Read | Read SharePoint Online and OneDrive activity logs |
This is a significantly broader set of permissions than the previous EntraConnector module required, reflecting the expanded scope of Azure Log Connector across both Entra ID and Microsoft 365. All permissions require Admin Consent before they become active.
Microsoft 365 license requirements:
Access to certain log categories requires appropriate Microsoft licensing. Confirm the following with your Microsoft licensing administrator:
| Log Category | Minimum License Required |
| Entra ID Audit Logs | Microsoft Entra ID Free |
| Sign-In Logs | Microsoft Entra ID P1 or P2 |
| Risky Sign-Ins & Identity Protection | Microsoft Entra ID P2 |
| SharePoint Online Activity Logs | Microsoft 365 Business Standard or above |
| OneDrive Activity Logs | Microsoft 365 Business Standard or above |
| Conditional Access Activity | Microsoft Entra ID P1 or P2 |
[Your administrator should confirm your organization’s current Microsoft 365 and Entra ID license tiers and which log categories are available before configuring Azure Log Connector.]
Roles required for setup:
| Task | Required Role |
| Create the App Registration | Global Administrator or Application Administrator |
| Grant Admin Consent for API permissions | Global Administrator |
| Install Azure Log Connector | Local Administrator on the installation server |
| Configure Azure Log Connector in LT Auditor MP | LT Auditor MP Administrator |
[Your administrator should coordinate with your Azure or Microsoft 365 administrator to complete the App Registration steps if they do not have access to the Azure Portal.]
Information to gather before installation:
Before proceeding to the App Registration and installation steps, gather the following. You will need all of these values during configuration:
| Item | Where to Find It | Notes |
| Tenant ID | Azure Portal โ Microsoft Entra ID โ Overview | Also called Directory ID |
| Client ID | Azure Portal โ App Registrations โ your app โ Overview | Also called Application ID |
| Client Secret | Azure Portal โ App Registrations โ your app โ Certificates & Secrets | Copy immediately โ only shown once |
| LT Auditor MP Server IP or Hostname | Your LT Auditor MP installation | Needed during configuration |
| Syslog Port | LT Auditor MP Configure โ Transformation Rules | Default: 5050 |
| Syslog Protocol | LT Auditor MP Configure โ Transformation Rules | UDP, TCP, or TLS |
The Client Secret value is only displayed once at the time of creation. Copy it immediately and store it securely. If the secret is lost, a new one must be generated.
Prerequisites checklist:
Before proceeding to the next article, confirm all of the following:
- [ ] Installation server meets Windows Server 2019 or newer requirement
- [ ] Outbound HTTPS access confirmed to all three Microsoft API endpoints
- [ ] LT Auditor MP server is installed and running
- [ ] LT Auditor MP syslog listener is active on the configured port
- [ ] Azure Portal access with appropriate privileges is available
- [ ] Microsoft 365 and Entra ID license tiers confirmed
- [ ] Tenant ID, Client ID, and Client Secret are ready to hand
- [ ] LT Auditor MP syslog port and protocol are confirmed
[Your administrator should complete this checklist before proceeding to the Registering the App in Microsoft Entra ID article to avoid interruptions during setup.]