
...

Table

Description

Authorize It

  1. In Azure Portal, search for Entra ID.


...

  1. Click App registrations in the left menu and click the app (or Service Principal) that you are going to use.


    Register the application

  2. Open Storage accounts.

...

  1. On the Storage accounts page, select Create and name the account.

...


  1. Click “Review + Create”, then “Create”.

  2. After the storage account is created, select it from the list of storage accounts and click on Access keys in the left menu.

  3. Copy the connection string.

...

Role assignment

Alternatively, users can grant the necessary permissions to the registered application to access the Event Hub without using the RootManageSharedAccessKey. Roles can be assigned in a variety of ways (e.g. inherited from the subscription group), but the following steps will show how to assign the necessary roles directly to the Storage Account.

Repeat steps 1-2 from the Connection String section to create the Storage Account.

In the Storage Account, click Access control (IAM) in the left menu, click + Add, and click Add Role Assignment.

...


...

Search for either the Storage Blob Data Contributor or Storage Blob Data Owner ??Storage Blob Data Reader?? role and select it and then click Next.

...

Click + Select members and search for the event hub application, select it, click Next.

...

Click Review + Assign.

Connection string

Users can either obtain a connection string or use Role Assignments to allow the collector to access the Event Hub.

...

To perform the authorization, the Entra Security Administrator role is required.

Items required before authorizing an Event Hub:

  • Subscription containing your Azure resources.

  • Resource group containing your Azure resources.

  • Name of the region containing Azure resources. Example: East US

  • Entra directory.

If you have more than one set of these items, then authorize an Event Hub for each set.

Items created or used during the authorization process:

  1. In Azure Portal, search for Entra ID.

  2. Click App registrations in the left menu and click New registration.

  3. Register the application

  4. Search for the Event Hubs service and click on it. 

  5. Create an Event Hub resource per region (repeat the steps below for each region):

  6. Click Add

    Click Create.

  7. Fill in the mandatory fields, keeping in mind that the Event Hub must be in the same region as the resources that you are going to monitor.

    Select the subscription and resource group corresponding to the resources that must be monitored.

  8. Enter a name.

  9. In the Location field, select the region containing the resources that must be monitored.

  10. To capture Blob or Data Lake, see How Event Hubs Capture is charged to select a tier. Otherwise, select the cheapest tier and one throughput unit. If you need more resources, they can be added later.


  11. Select “Review+Create,” then “Create.”

  12. The previous steps create an EventHub namespace; now go

    Return to Event Hubs

    , search the created one and click on it.
  13. Now click on the + Event Hub button and create a new Event Hub


    Add a name.

  14. One partition count is usually enough.

    Select the maximum retention time.

  15. Once the Event Hub is created in the namespace, click it and select Consumer Group in the left menu. The $Default consumer group is fine. Devo recommends that the event hub only be accessed by Devo. If any other entity is accessing the event hub, then each entity must have its own consumer group and Microsoft must be paid more.


  16. Now, in the Event Hub Namespace, click on Shared access policies, search the default policy named RootManageSharedAccessKey and click it.

  17. Copy and write down the primary (or secondary) connection string to be used later in the configuration file.
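
An added example, not part of the original page or Devo's code: a small Python check that parses the connection string copied in the last step and flags use of RootManageSharedAccessKey or a namespace-wide scope before the string goes into a configuration file. The sample strings, the `collector-listen` policy name and the function names are constructed for illustration.

```python
# Added example: audit an Event Hubs connection string before storing it.
from urllib.parse import urlparse

ROOT_POLICY = "RootManageSharedAccessKey"  # default namespace policy named on this page


def parse_connection_string(conn: str) -> dict:
    """Split 'Key=Value;Key=Value' pairs; values may themselves contain '='."""
    fields = {}
    for part in filter(None, (p.strip() for p in conn.split(";"))):
        key, sep, value = part.partition("=")
        if not sep or not value:
            raise ValueError(f"malformed segment: {key!r}")
        fields[key] = value
    return fields


def audit(conn: str) -> dict:
    """Return the non-secret fields plus a list of least-privilege findings."""
    f = parse_connection_string(conn)
    findings = []
    for required in ("Endpoint", "SharedAccessKeyName", "SharedAccessKey"):
        if required not in f:
            findings.append(f"missing {required}")
    policy = f.get("SharedAccessKeyName", "")
    if policy == ROOT_POLICY:
        findings.append("root policy: key grants Manage, Send and Listen on the namespace")
    if "EntityPath" not in f:
        findings.append("no EntityPath: string is namespace-scoped, not tied to one event hub")
    return {
        "namespace_host": urlparse(f.get("Endpoint", "")).hostname or "",
        "policy": policy,
        "event_hub": f.get("EntityPath"),
        "key": "<redacted>" if "SharedAccessKey" in f else None,  # never echo the secret
        "findings": findings,
    }


# Constructed sample values; the key is a placeholder, not a real secret.
ROOT_SAMPLE = ("Endpoint=sb://example-ns.servicebus.windows.net/;"
               "SharedAccessKeyName=RootManageSharedAccessKey;"
               "SharedAccessKey=cGxhY2Vob2xkZXI=")
SCOPED_SAMPLE = ("Endpoint=sb://example-ns.servicebus.windows.net/;"
                 "SharedAccessKeyName=collector-listen;"  # hypothetical policy name
                 "SharedAccessKey=cGxhY2Vob2xkZXI=;EntityPath=example-hub")

if __name__ == "__main__":
    for sample in (ROOT_SAMPLE, SCOPED_SAMPLE):
        print(audit(sample))
```
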

Role assignment

Alternatively, users can grant the necessary permissions to the registered application to access the Event Hub without using the RootManageSharedAccessKey. Roles can be assigned in a variety of ways (e.g. inherited from the subscription group), but the following steps will show how to assign the necessary roles directly to the Event Hub Namespace.

Repeat all steps except the last one from the previous section to create the Event Hub.

  1. In the Event Hub Namespace, click and open the namespace created in the previous steps.

  2. Select Access control (IAM) in the left menu, click + Add, and click Add Access Role Assignment.


...

  1. Search for

...

  1. the Azure Event Hubs Data Receiver role and select it and then click Next.

  2. Click

...

  1. Select members and search for the previously created App registration.

  2. Select the Application by clicking its name

...

  1. .

  2. Once the application is already listed as a selected member, click Select.

  3. Click Review + Assign.

  4. In the namespace, create a shared access policy for sending data to the event hub.


...

  1. Search for and select the Monitor service

...

  1. .

  2. Click the Diagnostic Settings option in the left area.

  3. Select a resource

...


  2. Add diagnostic setting

  3. Name the diagnostic setting.

  4. Enable metrics and logs. The options will vary.

  5. Enable “Stream to an event hub.”

  6. Select the namespace, hub, and policy you created.

  7. Click Save

...

  1. .

  2. Open Entra.

  3. Switch to the directory.

  4. Add your Entra ID diagnostic settings. Devo recommends enabling all log options.

Run It

In the Cloud Collector App, create an Azure Collector instance using this parameter template, replacing the values enclosed in < >.

...