Using ThreatLockDown to monitor Microsoft Azure

This section provides instructions for monitoring Microsoft Azure infrastructures, such as:

• Monitoring instances by installing the ThreatLockDown agent on them. This will send events to the ThreatLockDown manager for analysis in order to classify the events within a range of alerts that can be easily viewed.

• Monitoring the Azure Portal and its services, including platform logs from Azure services, logs, performance data from virtual machines, and usage and performance data from the applications.

• Monitoring the Microsoft Entra ID (ME-ID) activity to discover how the Microsoft Entra ID services are accessed and used.