Azure AD Streaming Configuration
This guide provides steps on how to enable real-time data streaming for a Azuer AD connection and monitor streaming events within the Getvisibility platform.
Last updated
Was this helpful?
This guide provides steps on how to enable real-time data streaming for a Azuer AD connection and monitor streaming events within the Getvisibility platform.
Last updated
Was this helpful?
This guide walks you through enabling real-time data streaming for a Azure AD connection and how to monitor live streaming events within the Getvisibility platform.
Login to
If there are multiple tenants to choose from, use the Settings icon in the top menu to switch to the tenant in which needs to be registered to the application from the Directories + subscriptions menu
Browse to App Registration and select your application that was created for the scanning
Navigate to Manage -> API permissions on the left menu, and Add a permission
Select Microsoft APIs -> Office 365 Management API
Select Application permission
Select ActivityFeed.Read permission
Permissions required
Office 365 Management API ⇒ Application Permissions ⇒ ActivityFeed.Read
Microsoft Graph > Application permissions > AuditLog > AuditLog.Read.All
Microsoft Graph > Application permissions > Directory > Directory.Read.All
Once all the required permission is added, click "Grant admin consent"
Select the Audit solution card. If the Audit solution card isn't displayed, select View all solutions and then select Audit from the Core section
If auditing isn't turned on for your organization, a banner is displayed prompting you start recording user and admin activity. Select the Start recording user and admin activity banner.
In certain cases, recoding cannot be enabled immediately and requires additional configuration. If this applies, users will be prompted to enable the customization setting. Select OK, and a new banner will appear, informing you that the process may take 24 to 48 hours to complete. After this waiting period, repeat the previous step to proceed with enabling recoding.
From the Data Sources page, select Azure AD from the list of available data sources. In the Scan Configurations list create New Configuration
Make sure the connection has a Name, Credentials are set and Data streaming is enabled.
Clock icon: When data streaming is being activated, the clock icon will appear, indicating that the subscription is being processed. Once the subscription is activated, this icon will change to a green magnifying glass.
After enabling Data Streaming, the system will automatically handle the subscription to Azure AD’s real-time events. There is no need to manually configure Webhooks.
Once streaming is enabled, events can be monitored across multiple sections of the platform, providing comprehensive visibility into user and group activities. The Streaming tab offers an overview of essential operations, such as user and group creation, updates, and deletions.
For deeper insights, Extended Streaming Events leverage Azure AD’s audit logging functionality along with the ActivityFeed.Read permission. This enables the system to capture a broader range of event types beyond standard data streaming, including administrative actions, role changes, and authentication events.
Navigate to the Live Events section under Administration and then to Streaming tab to view a detailed audit log of streaming events.
Navigate to the Live Events section under Administration and then to Extended Streaming tab to view a detailed audit log of extended streaming events.
In both sections, you can filter and view event details
Sign into the using Microsoft Edge browser
