Conversation
|
Newest code from mchupeau-sk has been published to preview environment 🚀 Latest deployment was built on 2026-02-25 15:48:40 (62bcec51316104eafabf2565c735358e0d6a0591). |
There was a problem hiding this comment.
Pull request overview
Updates the Office 365 “Azure EventHub” appendix documentation to reflect the current recommended setup, including Microsoft Purview audit log streaming and clearer Sekoia.io intake/playbook configuration steps (issue #1113).
Changes:
- Adds guidance on when to prefer the EventHub approach and how to adapt URLs for China (21Vianet) tenants
- Replaces Azure Portal “Office 365 diagnostic settings” guidance with Microsoft Purview “Audit log streaming” steps
- Expands intake + playbook configuration into clearer step-by-step instructions (including a parameter table)
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| As a prerequisite you need an `Event Hub` (e.g. company-eventhub) and to choose an existing `resourceGroup` or create a new one (e.g. company-resource-group). | ||
| You also need your `Subscription ID` if you don't have a default one. | ||
|
|
||
| Navigate to: `Home > Cost Management + Billing > Subscriptions`. From there, copy the relevant `Subscription ID` that will be used in the command line (e.g. uuid) | ||
| Then you use Azure PowerShell (within Cloud Shell interface for example): you will create a global `Event Hubs`, then specific `Event Hub` (e.g. o365-event). | ||
| Navigate to: `Home > Cost Management + Billing > Subscriptions`. From there, copy the relevant `Subscription ID` that will be used in the command line (e.g. uuid). | ||
| Then use Azure PowerShell (within the Cloud Shell interface for example): you will create a global `Event Hubs` namespace, then a specific `Event Hub` (e.g. o365-event). |
There was a problem hiding this comment.
In section A, the text says you need an Event Hub (e.g. company-eventhub), but the commands immediately below create an Event Hubs namespace named company-eventhub and then an Event Hub named o365-event. Please adjust the wording so company-eventhub is clearly described as the Event Hubs namespace to avoid confusion during setup.
There was a problem hiding this comment.
@copilot open a new pull request to apply changes based on this feedback
| Navigate to: `Home > Event Hubs > company-eventhub - Shared access policies`. From there, you can create a policy (e.g. RootManageSharedAccessKey) with the claims `Manage`, `Send` and `Listen`, and note the `Primary Key` that will be used as the `SharedAccessKey`. | ||
| Navigate to: `Home > Event Hubs > company-eventhub > o365-event - Shared access policies`. From there, you can create a policy (e.g. sekoiaio-nifi) with the claims `Listen`. | ||
| > Once created, click on the policy and save the `Connection string-primary key`, to be sent to Sekoia.io. | ||
| Navigate to: `Home > Event Hubs > company-eventhub > o365-event - Consumer groups`. From there, you can create a consumer group (e.g. sekoiaio-nifi). | ||
|
|
||
| ### B. Office 365 | ||
| Navigate to: `Home > Event Hubs > company-eventhub > o365-event - Shared access policies`. From there, you can create a policy (e.g. sekoiaio) with the claim `Listen`. | ||
| > Once created, click on the policy and save the `Connection string-primary key` — it will be used when configuring the Sekoia.io playbook. | ||
|
|
There was a problem hiding this comment.
The instructions for the namespace Shared Access Policy mention noting the Primary Key as SharedAccessKey, but later the Purview configuration requires an Event Hub namespace connection string (and needs Send rights). Please align these steps by explicitly stating which SAS policy/claims are required for Purview and that the full connection string (not just the key) is needed.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
@mchupeau-sk I've opened a new pull request, #2829, to work on those changes. Once the pull request is ready, I'll request review from you. |
https://github.com/SekoiaLab/integration/issues/1113