Prepare Azure for the integration

To prepare Microsoft Azure to connect with Splunk Observability Cloud:

1. Create a Microsoft Entra ID (formerly Azure Active Directory) application.

2. Specify subscriptions and set subscription permissions.

Create a Microsoft Entra ID (formerly Azure Active Directory) application

Follow these steps to create a new Microsoft Entra ID application:

1. In your Azure portal, navigate to Microsoft Entra ID, and register your new app. Splunk Observability Cloud does not use this information, but you need to provide it in order to create an app on Azure.

2. The Azure portal displays a summary about the application. Save the following information to use when you create your Azure integration in Splunk Observability Cloud:

   • Directory (tenant) ID

   • Application (client) ID

3. Select Certificates & secrets. The Certificate is your public key, and the client secret is your password.

4. Create a client secret by providing a description and setting the duration to the longest possible interval, and Save. Remember the client secret, you’ll need it to create your Azure integration in Splunk Observability Cloud.

Specify subscriptions and set subscription permissions

Set your subscription permissions:

1. In the Azure portal, look for your Subscriptions.

2. Find a subscription you want to monitor, and navigate to Access control (IAM).

3. Select Add, then select Add role assignment.

4. On the Add role assignment page, perform the following steps:

   • From the Role drop-down list, select the Monitoring Reader role.

   • Leave the Assign access to drop-down list unchanged.

   • Go to Select member. In the Select text box, start entering the name of the Azure application you just created. The Azure portal automatically suggests names as you type. Enter the application name, and Save.

Connect and send your Azure data

After setting up your account proceed to:

• Connect to Azure: Guided setup and other options

• Send Azure logs to Splunk Platform