
For Azure AD Auditing

Before you start creating a monitoring plan to audit your Azure AD, plan for the account that will be used for data collection – it should meet the requirements listed below. Then you will provide this account in the monitoring plan wizard.

In the Cloud:

The account needs to be created as a Cloud-Only account.

Initial data collection

After the initial data collection

  • The Global Administrator role can be removed from the collection account. (Ongoing audit data collection relies on the Office 365 Management APIs access permission that was granted, and therefore requires no tenant-level or site-level permissions.)
  • If the Global Administrator role was removed from the account, and you plan to audit Successful and/or Failed Logons, assign one of the following roles to the account:

    • Security Reader
    • Security Administrator

    See Assigning 'Security Administrator' or 'Security Reader' Role

  • Also, to audit Successful and/or Failed Logons, the account must be assigned an Azure Active Directory Premium Plan 1 or Azure Active Directory Premium Plan 2 license.

NOTE: Accounts with multi-factor authentication are not supported.
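
A check of a candidate account against the requirements listed above, as an added example (not Netwrix code). It assumes the Microsoft Graph PowerShell SDK with a connected session; the UPN is a placeholder, and multi-factor authentication status is not checked.

```powershell
# Added example, not Netwrix code. Assumes the Microsoft Graph PowerShell SDK and a
# session opened with: Connect-MgGraph -Scopes 'User.Read.All','Directory.Read.All'
param(
    [string]$Upn = 'collector@example.onmicrosoft.com',  # placeholder account
    [switch]$AuditLogons  # set if Successful and/or Failed Logons will be audited
)

# Well-known Azure AD role template IDs
$GlobalAdmin   = '62e90394-69f5-4237-9190-012177145e10'
$SecurityRoles = @(
    '5d6b6bb7-de71-4623-b4af-96380a352509',  # Security Reader
    '194ae4cb-b126-40b2-bd5b-6091b380977d'   # Security Administrator
)

# OnPremisesSyncEnabled is not returned by default, so request it explicitly.
$user = Get-MgUser -UserId $Upn -Property Id,UserPrincipalName,OnPremisesSyncEnabled
$cloudOnly = -not $user.OnPremisesSyncEnabled   # null for cloud-only accounts

# Directory roles held through direct membership (roles via groups are not listed).
$roleIds = @(Get-MgUserMemberOf -UserId $user.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' } |
    ForEach-Object { $_.AdditionalProperties['roleTemplateId'] })

# Enabled service plans from the licenses assigned to the account.
$plans = @(Get-MgUserLicenseDetail -UserId $user.Id |
    ForEach-Object { $_.ServicePlans } |
    Where-Object { $_.ProvisioningStatus -eq 'Success' } |
    ForEach-Object { $_.ServicePlanName })

$hasSecurityRole = [bool]($roleIds | Where-Object { $_ -in $SecurityRoles })
$hasPremium      = [bool]($plans | Where-Object { $_ -in 'AAD_PREMIUM', 'AAD_PREMIUM_P2' })
$isGlobalAdmin   = $roleIds -contains $GlobalAdmin

[pscustomobject]@{
    Account             = $user.UserPrincipalName
    CloudOnly           = $cloudOnly
    GlobalAdministrator = $isGlobalAdmin
    SecurityRole        = $hasSecurityRole
    PremiumP1orP2       = $hasPremium
    # Logon auditing needs Global Administrator or a security role, plus a Premium license.
    ReadyForLogonAudit  = (-not $AuditLogons) -or
                          (($isGlobalAdmin -or $hasSecurityRole) -and $hasPremium)
}
```

Run it once before initial data collection and again after removing the Global Administrator role, so the least-privilege state is confirmed rather than assumed.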
