Complete Guide to Azure Reporting for Azure AD and Cost Management

Azure Reporting is a powerful tool that helps you stay on top of your Azure resources and costs. It provides detailed insights into your Azure usage, including usage, costs, and performance metrics.

With Azure Reporting, you can track your Azure AD usage, including sign-in activity, user behavior, and authentication methods. This information can help you identify potential security risks and improve your overall security posture.

Azure Cost Management is another essential feature of Azure Reporting, allowing you to monitor and manage your Azure costs in real-time. You can set budgets, track usage, and receive alerts when you approach or exceed your budget limits.

By leveraging Azure Reporting, you can make informed decisions about your Azure resources and costs, ensuring you get the most out of your investment while minimizing waste and optimizing performance.

To set up Azure Reporting, you'll need to follow the instructions for setting up Microsoft Graph Azure AD Reporting source. Use the same source category while installing the app.

You'll also need to install the Microsoft Graph Azure AD Reporting app for Sumo Logic. To do this, select the App Catalog and search for the app in the 🔎 Search Apps field. Then, select it and click Install App (or Add Integration if that's what the button says).

Once the app is installed, it will appear in your Installed Apps folder, and dashboard panels will start to fill automatically. Each panel will slowly fill with data matching the time range query and received since the panel was created, so be patient – results won't be available right away, but will update with full graphs and charts over time.

Installing the app is a straightforward process. To get started, select the App Catalog.

You'll find the app you're looking for by running a search in the 🔎 Search Apps field. Once you've found it, select it to proceed with the installation.

Click Install App (or sometimes Add Integration) to begin the setup process. You'll then be guided through a series of steps to complete the installation.

In the Configure section, you'll need to complete a few fields. Don't worry, it's a breeze. The app will then redirect you to the Preview & Done section.

Once your app is installed, it will appear in your Installed Apps folder. Dashboard panels will start to fill automatically with data matching the time range query and received since the panel was created.

It may take some time for the results to be available, but don't worry, they'll update with full graphs and charts over time.

Provisioning activities are a crucial part of Azure AD reporting, and with Microsoft Graph Azure AD Reporting, you can gain valuable insights into these activities. The dashboard provides a distribution of provisioning activities by status, actions, and initiators.

You can view the average time for each provisioning activity, which is essential for identifying areas where you can improve your organization's provisioning processes.

The dashboard also gives you visibility into recent provisioning activities, making it a useful tool for monitoring and managing your organization's provisioning processes.

You can see the most frequently used service principal during provisioning, which can help you optimize your provisioning processes and reduce unnecessary activity.

By leveraging this information, you can make data-driven decisions to streamline your organization's provisioning processes and reduce errors.

To set up collection, follow the instructions for setting up Microsoft Graph Azure AD Reporting source and use the same source category while installing the app.

Azure Cost Management Reports offer visibility into resource consumption and spending patterns, providing a comprehensive overview of your Azure expenditures.

The key benefits of using cost management reports include visibility and transparency, customization and flexibility, proactive budget management, strategic decision-making, and reserved instances optimization.

Here are the different report types available from the Azure portal:

To generate Azure Cost Management Reports, navigate to the Azure Portal and select "Cost Management + Billing" in the left navigation pane.

Setting up collection is a crucial step in data collection and management. To begin, you need to set up a Microsoft Graph Azure AD Reporting source, which involves using the same source category while installing the app.

To do this, you'll need to identify the Hosted Collector you want to use or create a new one. For instructions on creating a Hosted Collector, see the article on creating a Hosted Collector.

Once you've identified your Hosted Collector, you can proceed with configuring the Microsoft Graph Azure AD Reporting Source. This involves adding it to the Hosted Collector and providing the necessary information.

Here are the steps to configure the Microsoft Graph Azure AD Reporting Source:

By following these steps, you'll be able to set up collection and start collecting data from your Azure AD Reporting source.

The App uses multiple log types to collect data, including Audit, Sign-in, and Provisioning activities.

These log types are collected using Microsoft Graph Azure AD Reporting Source.

Audit logs track changes made to the App, such as user additions or deletions.

Sign-in logs record user authentication attempts and successful logins.

Provisioning logs track user account creations and updates.

Data collected is a crucial aspect of any data collection and management system. The system uses a Microsoft Graph Azure AD Reporting source to collect data.

The polling interval for this data collection is set to 5 minutes, which is a relatively short interval that ensures timely updates. This interval is applied to three types of data: Directory Audit, Sign-in, and Provisioning.

Here's a breakdown of the data collected:

The types of log data collected include Audit, Sign-in, and Provisioning activities. This comprehensive collection of data provides a complete picture of user activity and system performance.

User and Application Auditing is a crucial aspect of Azure reporting, providing valuable insights into your organization's activity data. You can monitor failed user logins, successful logins, last logon time, and risky login attempts.

The User Audit feature allows you to find details on user creation, deletion, sign-in status, MFA status, password changes, self-service password resets, administrative users, and more. This information can help you identify potential security risks and take corrective action.

Application Audit is also available, enabling you to check out Azure application registrations, deleted apps, app consents, app role assignments, credential changes, delegation changes, etc. This feature can help you stay on top of your organization's application management and ensure compliance with security policies.

User Audit provides a wealth of information about user activity in your organization.

You can find details on user creation, which is useful for tracking new employee onboarding or changes to your organization's structure.

User Audit also includes information on user deletion, which can help you identify who is leaving the company and why.

Sign-in status is another important aspect of User Audit, giving you insights into who is actively using your organization's resources.

MFA status is also tracked, allowing you to ensure that your organization's multi-factor authentication policies are being enforced.

Password changes are another important aspect of User Audit, helping you identify potential security risks or unauthorized access.

Self-service password resets are also tracked, giving you insights into how users are managing their own passwords.

Administrative users are another important aspect of User Audit, helping you identify who has elevated privileges and what they're doing with them.

This information can be invaluable for IT administrators and security teams looking to improve security and compliance in their organizations.

If you need to upgrade or downgrade the Microsoft Graph Azure AD Reporting app, it's a relatively straightforward process.

To upgrade the app, first select the App Catalog, then search for and select your app. You can also identify apps that can be upgraded in the Upgrade available section.

Once you've selected your app, choose Upgrade from the Manage dropdown to install the upgraded app in the Installed Apps folder. Dashboard panels will start to fill automatically.

To revert to a previous version of the app, select Revert to previous version of your app from the Manage dropdown after selecting your app in the App Catalog.