Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.iru.com/llms.txt

Use this file to discover all available pages before exploring further.

About Microsoft Azure Monitor

The Microsoft Azure Monitor source pulls diagnostic settings, subscription activity logs, metric and log alert rule configuration, and Log Analytics workspace settings from the connected subscription. Data is read through Azure Resource Manager with delegated OAuth as the signing-in user. Iru does not create or change diagnostic settings, alert rules, or workspaces. Activity log visibility follows Azure’s default retention (about 90 days at the subscription). Iru reads what Azure exposes for that window. For longer retention, export activity logs to a Log Analytics workspace or storage in Azure.

How it works

Iru uses Microsoft’s OAuth 2.0 authorization code flow against Azure Resource Manager. The requested scope is: https://management.azure.com/user_impersonation
DetailValue
CategoryDeveloper tools
AuthenticationOAuth 2.0 (Microsoft Entra ID, Azure Resource Manager)
Vendor planAny Azure subscription

What Iru collects

Data typeNotes
Diagnostic settingsLog categories, retention, destinations (storage, event hub, Log Analytics)
Activity logsSubscription-level audit events (create, delete, policy, role changes, and similar)
Metric alert rulesDefinitions, thresholds, evaluation frequency
Log alert rulesScheduled query rules and activity log alert configuration
Log Analytics workspacesWorkspace configuration and data retention settings
Official references: Azure Monitor documentation, Diagnostic settings, Activity log, Roles and permissions, Diagnostic settings REST API.

Prerequisites

  • Microsoft Entra ID sign-in to the Azure portal.
  • The built-in Monitoring Reader role at subscription scope (or Reader, which includes the needed read paths). Monitoring Reader grants Microsoft.Insights/*/read for diagnostic settings, alert rules, and activity log access without write permissions.
  • Browser pop-ups allowed so the connector wizard can open when you enable the source.
Confirm access: Subscriptions → your subscription → Access control (IAM)View my access. Example role assignment (replace placeholders): 
az role assignment create \
  --assignee <your-user-principal-name> \
  --role "Monitoring Reader" \
  --scope /subscriptions/<subscription-id>

Connect Microsoft Azure Monitor to Iru

Connection is configured in Iru Compliance. The wizard shows Step 1 of 1: Perform OAuth Authentication.

Iru Compliance

1

Open Sources

In Iru Compliance, on the left navigation bar, expand Compliance and select Sources.
Left navigation: Compliance expanded, Sources selected
2

Turn on the integration

Find Microsoft Azure Monitor (set Category to Developer tools or use Search by name or description). On that card, turn on the toggle to start the connector wizard.
3

Launch OAuth and sign in

Select Launch OAuth Authentication. Sign in with an account that has Monitoring Reader or Reader on the subscription. Accept the requested permissions.
4

Confirm the source is Active

When setup completes, the Microsoft Azure Monitor card shows Active.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
The signed-in account may lack Monitoring Reader (or Reader) at subscription scope. Verify IAM (see Prerequisites).
Azure retains subscription activity logs for about 90 days by default. Iru reflects what is available in that window unless you have extended retention via export to Log Analytics or storage.
Sign out of the Microsoft pop-up and sign in with the account for the correct tenant.
Turn Microsoft Azure Monitor off and on in Sources, then complete OAuth again.

See also