Splunk Add on for Microsoft Azure

This add-on collects data from Microsoft Azure including the following:

Azure AD Data
- Users - Azure AD user data
- Interactive Sign-ins - Azure AD sign-ins including conditional access policies and MFA
- Directory audits - Azure AD directory changes including old and new values
- Devices - Registered devices in Azure AD
- Groups
- Risk Detections

Azure Log Analytics (KQL)

Metrics

Estimated billing and consumption
- VM Reservation Recommendations

Inventory metadata
- Resource Groups - Resource group configuration
- Virtual Machines - VM, Disk, Image, and Snapshot configurations
- Virtual Networks - VNET, NSG, and Public IP configurations
- Managed Disks
- Subscriptions - Subscription name, ID, and type
- Topology - IaaS relationships

Azure Security Center
- Alerts
- Tasks

Azure Resource Graph

This add-on contains the following alert actions:
- Stop Azure VM - stops an Azure Virtual Machine.
- Add member to group - adds a user to a group. This can be useful if you need to enable additional policies like MFA based on search results.
- Dismiss Azure Alert - dismisses an Azure Security Center alert.

Version 3.0.0 and later of the Microsoft Azure Add-on for Splunk is compatible only with Splunk Enterprise version 8.0.0 and above.

While this app is not formally supported, the developer can be reached at https://github.com/splunk/splunk-add-on-microsoft-azure/issues. Responses are made on a best-effort basis. Feedback is always welcome and appreciated!