What you'll need
- A Microsoft Entra (Azure AD) tenant
- A Log Analytics workspace already collecting your application/infrastructure logs
- An Entra app registration with a client secret and read access to the workspace
Set it up
Register an Entra application
Azure portal → Microsoft Entra ID → App registrations → New registration. Name it something like Parumox Connector, choose single tenant, leave the redirect URI blank. Copy the Application (client) ID and Directory (tenant) ID from the Overview blade.
Generate a client secret
Same app → Certificates & secrets → New client secret. Pick an expiry that matches your secret-rotation policy. Copy the secret VALUE (not the ID) immediately — Azure will never show it again.
Grant the app access to your workspace
Open the Log Analytics workspace → Access control (IAM) → Add role assignment. Assign Log Analytics Reader (or Monitoring Reader for broader access) to the Entra app you created in step 1.
Find your workspace ID
Workspace → Overview → copy the Workspace ID GUID under Essentials. This is not the resource ID and not the workspace name.
Permissions required
The connector only ever queries — it never writes. The minimum required permission is Microsoft.OperationalInsights/workspaces/query/read, which the Log Analytics Reader built-in role provides.
Paste into Parumox
Open the Portal → Connectors → Add Connector → choose Azure Monitor and fill in:
- Workspace ID — GUID from step 4
- Tenant ID — directory tenant ID from step 1
- Client ID — application client ID from step 1
- Client Secret — secret value from step 2
Save. The connector runs a lightweight print now() KQL query against the workspace as a health check; you'll see the connector flip to Healthy within a few seconds.