Microsoft Azure, often referred to as Azure, is a cloud computing service operated by Microsoft for application management via Microsoft-managed data centers.

Authenticating

Azure uses OAuth, a developer-friendly delegated access protocol. Quolum has already connected the necessary wires with Azure. Using a sequence of click-throughs, your organization's administrator allows Quolum to make API calls to Azure without getting access to passwords.

Step 1: Initiate a connection to Azure

Click the Connect button from the Connections card. If you are not an admin, you can invite your organization's Azure admin to make a connection to your Azure organization account. When you click on the Connect button, the web browser will navigate to the Azure login page.

Step 2: Log in to Microsoft

Log in to Microsoft using your organization's credentials. The exact login mechanism may depend on your Microsoft Azure plan, and the sign-in mechanism used. Once you have successfully logged-in, Microsoft is going to ask you to grant access to Quolum.

Step 3: Provide consent to Quolum

The next screen after login into Microsoft is the consent screen. On this screen, Microsoft confirms whether you authorize Quolum to access your organization's data.

Step 4: Back to Quolum

Once you have granted access to Quolum on Microsoft's website, Microsoft is going to send you back to Quolum's page in Step 1, where you started. The Connect button on the Connections card would now say Reconnect. Reconnect is used to reauthenticate under circumstances where the access has expired.

Under the hood

Using the OAuth protocol, Quolum now has delegated access to your Microsoft Azure Workspace. The Quolum server, running on Amazon AWS VPC, will be able to make API calls and retrieve feature-level utilization of projects, stories, and tasks. Later, this data is crunched and available for visualization on the Quolum dashboard.

Important Notes

Azure audit log API is a feature of Azure Active Directory (Azure AD) and is used for retrieving audit logs of activities that are performed in Azure AD. The availability of this API depends on the licensing plan for your Azure AD tenant.

Azure Active Directory Premium P1 or Azure Active Directory Premium P2 license is definitely necessary for connecting with Quolum. Alternatively if the directory type is Azure AD B2C, the sign-in reports are accessible through the API without any additional license requirement.

How to find if you have a P1 or P2 license?

• Sign in to the Azure portal with your Azure AD admin account.
• Navigate to the "Azure Active Directory" section.
• Click on "Licenses" in the left-hand menu.
• On the Licenses page, you will see a list of licenses assigned to your Azure AD tenant. Look for the "Azure Active Directory Premium P1" and "Azure Active Directory Premium P2" licenses in the list.
• Check the "Assigned" column for each license to see if your Azure AD admin has been assigned a P1 or P2 license.
• If your Azure AD admin has been assigned a P1 or P2 license, you should see it listed in the "Assigned" column for the corresponding license. If the license is not assigned, you will need to assign it to the admin before they can use the premium features included in that license.

How to find if the directory type is Azure AD B2C?

• Sign in to the Azure portal with your Azure AD account.
• Navigate to the "Azure Active Directory" section.
• On the left-hand menu, click on "Properties".
• On the Properties page, look for the "Directory Type" field.
• Check if the value for the "Directory Type" field is "B2C".
• If the value for the "Directory Type" field is "B2C", then your directory type is Azure AD B2C.

Note: that Azure AD B2C is a separate service from Azure AD, designed specifically for customer-facing applications that require user identity management. Azure AD B2C provides authentication and authorization services for web and mobile applications, enabling you to customize the user experience with your own branding and user flows.

You can find more details about P1, P2 and Azure AD B2C here.

How to get a P1 or P2 license?

P1 and P2 are provided with some other plans as mentioned below. Enterprise Mobility & Security E3 licences include Azure Active Directory Premium P1, and Enterprise Mobility & Security E5 licences include Azure Active Directory Premium P2.

For purchasing P1 or P2 license, generally one will need an Azure or Office 365 subscription. One can use an existing subscription or set up a new one and then sign in to the Office 365 portal with your credentials to buy Azure AD licences. This video explains how. For more details on how to add Azure AD Premium P1 license please visit the following link.

Disclaimer:
However, it's important to note that the specific features and capabilities of the Azure audit log API may differ between plans. Additionally, some APIs may have additional restrictions and requirements depending on the specific Azure AD services that are being used.