articles/active-directory/reports-monitoring/howto-use-azure-monitor-workbooks.md
42 additions & 23 deletions
@@ -8,43 +8,62 @@ ms.service: active-directory
8
8
ms.topic: how-to
9
9
ms.workload: identity
10
10
ms.subservice: report-monitor
11
-
ms.date: 06/01/2023
11
+
ms.date: 07/28/2023
12
12
ms.author: sarahlipsey
13
13
ms.reviewer: sarbar
14
14
---
15
-
# How to use Azure Monitor workbooks for Azure Active Directory
15
+
# How to use Azure Active Directory Workbooks
16
16
17
-
When using Azure Workbooks, you can either start with an empty workbook, or use an existing template. Workbook templates enable you to quickly get started using workbooks without needing to build from scratch.
17
+
Workbooks are found in Azure AD and in Azure Monitor. The concepts, processes, and best practices are the same for both types of workbooks, however, workbooks for Azure Active Directory (AD) cover only those identity management scenarios that are associated with Azure AD.
18
+
19
+
When using workbooks, you can either start with an empty workbook, or use an existing template. Workbook templates enable you to quickly get started using workbooks without needing to build from scratch.
18
20
19
21
-**Public templates** published to a [gallery](../../azure-monitor/visualize/workbooks-overview.md#the-gallery) are a good starting point when you're just getting started with workbooks.
20
22
-**Private templates** are helpful when you start building your own workbooks and want to save one as a template to serve as the foundation for multiple workbooks in your tenant.
21
23
22
24
## Prerequisites
23
25
24
26
To use Azure Workbooks for Azure AD, you need:
25
-
- An Azure Active Directory (Azure AD) tenant with a premium (P1 or P2) license. Learn how to [get a premium license](../fundamentals/active-directory-get-started-premium.md)
26
-
- The appropriate roles for the Log Analytics workspace *and* Azure AD
27
-
- A Log Analytics workspace
28
27
29
-
1. Create a [Log Analytics workspace](../../azure-monitor/logs/quick-create-workspace.md)
30
-
- Access to the Log Analytics workspace is determined by the workspace settings, access to the resources sending the data to the workspace, and the method used to access the workspace.
31
-
- To ensure you have the right access, review the Azure workspace permissions in the [Manage access to Log Analytics workspaces](../../azure-monitor/logs/manage-access.md?tabs=tabs=portal#azure-rbac) article.
28
+
- An Azure AD tenant with a [Premium P1 license](../fundamentals/active-directory-get-started-premium.md)
29
+
- A Log Analytics workspace *and*access to that workspace
30
+
- The appropriate roles for Azure Monitor *and*Azure AD
32
31
33
-
2. Ensure that you have one of the following roles in Azure AD (if you're accessing the workspace through the Azure portal):
34
-
- Security Administrator
35
-
- Security Reader
36
-
- Reports Reader
37
-
- Global Administrator
38
-
39
-
3. Ensure that you have the one of the following Azure roles for the subscription:
40
-
- Global Reader
41
-
- Reports Reader
42
-
- Security Reader
43
-
- Application Administrator
44
-
- Cloud Application Administrator
45
-
- Company Administrator
32
+
### Log Analytics workspace
33
+
34
+
You must create a [Log Analytics workspace](../../azure-monitor/logs/quick-create-workspace.md)*before* you can use Azure AD Workbooks. There are a combination of factors that determine access to Log Analytics workspaces. You need the right roles for the workspace *and* the resources sending the data.
35
+
36
+
For more information, see [Manage access to Log Analytics workspaces](../../azure-monitor/logs/manage-access.md).
37
+
38
+
### Azure Monitor roles
39
+
40
+
Azure Monitor provides [two built-in roles](../../azure-monitor/roles-permissions-security.md#monitoring-reader) for viewing monitoring data and editing monitoring settings. Azure role-based access control (RBAC) also provides two Log Analytics built-in roles that grant similar access.
41
+
42
+
-**View**:
43
+
- Monitoring Reader
44
+
- Log Analytics Reader
45
+
46
+
-**View and modify settings**:
47
+
- Monitoring Contributor
48
+
- Log Analytics Contributor
49
+
50
+
For more information on the Azure Monitor built-in roles, see [Roles, permissions, and security in Azure Monitor](../../azure-monitor/roles-permissions-security.md#monitoring-reader).
51
+
52
+
For more information on the Log Analytics RBAC roles, see [Azure built-in roles](../../role-based-access-control/built-in-roles.md#log-analytics-contributor)
53
+
54
+
### Azure AD roles
55
+
56
+
Read only access allows you to view Azure AD log data inside a workbook, query data from Log Analytics, or read logs in the Azure AD portal. Update access adds the ability to create and edit diagnostic settings to send Azure AD data to a Log Analytics workspace.
57
+
58
+
-**Read**:
59
+
- Reports Reader
60
+
- Security Reader
61
+
- Global Reader
62
+
63
+
-**Update**:
46
64
- Security Administrator
47
-
- For more information on Azure subscription roles, see [Roles, permissions, and security in Azure Monitor](../../azure-monitor/roles-permissions-security.md).
65
+
66
+
For more information on Azure AD built-in roles, see [Azure AD built-in roles](../roles/permissions-reference.md).
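Review bot: The new "Azure Monitor roles" and "Azure AD roles" sections list the read roles next to Monitoring Contributor, Log Analytics Contributor and Security Administrator without saying which is the minimum needed to open a workbook, so a reader can come away requesting a write role when a read role would do. If that matches the intent, add a sentence under the prerequisite bullet "The appropriate roles for Azure Monitor *and* Azure AD" stating that viewing needs only a role from the View and Read lists, and that the "View and modify settings" and Update roles are needed only to change monitoring or diagnostic settings. The removed text also scoped the Azure AD roles with "(if you're accessing the workspace through the Azure portal)"; confirm that dropping that condition is deliberate. Smaller points in the same hunk: "There are a combination of factors" should read "There is a combination of factors", the "however" sentence in the new introduction is a comma splice, and the "Azure built-in roles" link sentence is missing its closing period.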