
Microsoft Azure collector

Purpose

The Microsoft Azure collector gets data from Azure cloud computing services. Common uses are:

  • Detect malicious Entra ID authentication

  • Detect malicious role, policy, and group changes impacting cloud infrastructure

  • Correlate risky users identified by Entra ID with data you have in Devo

  • Detect malicious Application Gateway traffic

  • Detect failures and measure costs of virtual machines

 

Run It

The Azure Collector has two services:

  • VM Metrics, for Virtual Machines

  • Event Hub, for everything else in Azure

These services should be enabled in separate collector instances.

 

Devo collector features

| Features | Details |
|---|---|
| Allow parallel downloading (multipod) | The vm_metrics service cannot work in multipod mode. To use the event_hubs service in multipod mode, you must not include the vm_metrics service in the same collector. |
| Populated Devo events | table |
| Flattening pre-processing | no |
| Allowed source events obfuscation | yes |
