From 51af39674a108a4c277c85264a5835ec0110e074 Mon Sep 17 00:00:00 2001 From: Paul Shmakov Date: Tue, 18 Nov 2025 13:30:36 +0000 Subject: [PATCH 1/2] Activity Monitor. Clarified Azure Files configuration - that the app registration requires a Global Administrator role. --- .../azure-files/azurefiles-activity.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/docs/activitymonitor/9.0/requirements/activityagent/nas-device-configuration/azure-files/azurefiles-activity.md b/docs/activitymonitor/9.0/requirements/activityagent/nas-device-configuration/azure-files/azurefiles-activity.md index 2e690155c2..19bfb2b152 100644 --- a/docs/activitymonitor/9.0/requirements/activityagent/nas-device-configuration/azure-files/azurefiles-activity.md +++ b/docs/activitymonitor/9.0/requirements/activityagent/nas-device-configuration/azure-files/azurefiles-activity.md @@ -67,6 +67,15 @@ It may take up to 90 minutes for the changes to take effect. Monitoring of Azure Files requires an application to be registered in the Azure portal, assigning it permissions to access the Graph API and RBAC roles to access storage accounts. +:::note +A user account with the **Global Administrator** role is required to register an app and grant admin consent in Microsoft Azure. +::: + +Before you begin, make sure you have: +- Access to the Azure portal +- Permissions to create app registrations +- Permissions to grant admin consent for your tenant + If you already have an application registered for Activity Monitor for Entra ID, SharePoint Online, or Exchange Online, you can reuse that registration for Azure Files by assigning additional RBAC roles. @@ -102,6 +111,10 @@ On the **Overview** page, copy the **Application (client) ID** and **Directory ( 3. Specify a description and an expiration period. 4. On the **Certificates & secrets** page, copy the **Value** of the created secret and save it for later. +:::note +Be aware of the client secret's expiration date. You'll need to generate a new one before it expires to ensure uninterrupted monitoring. +::: + :::warning Make sure you copy the **Value**, not the **Secret ID**. ::: @@ -115,7 +128,8 @@ Activity Monitor requires the `User.Read.All` permission to resolve user SIDs in **Microsoft Graph** Type: **Application permissions** Permission: `User.Read.All` -3. Click **Grant admin consent for Your Company**. +3. Click **Grant admin consent for [tenant name]**, then confirm when prompted. + This action requires a Global Administrator. ## Assign Azure RBAC roles for storage accounts From c10ca7ade8ffcd1747eebf216e8971a56f66a962 Mon Sep 17 00:00:00 2001 From: Paul Shmakov Date: Tue, 18 Nov 2025 13:32:26 +0000 Subject: [PATCH 2/2] Activity Monitor. Clarified Azure Files configuration - that the app registration requires a Global Administrator role. --- .../azure-files/azurefiles-activity.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/activitymonitor/9.0/requirements/activityagent/nas-device-configuration/azure-files/azurefiles-activity.md b/docs/activitymonitor/9.0/requirements/activityagent/nas-device-configuration/azure-files/azurefiles-activity.md index 19bfb2b152..535265481b 100644 --- a/docs/activitymonitor/9.0/requirements/activityagent/nas-device-configuration/azure-files/azurefiles-activity.md +++ b/docs/activitymonitor/9.0/requirements/activityagent/nas-device-configuration/azure-files/azurefiles-activity.md @@ -71,11 +71,6 @@ RBAC roles to access storage accounts. A user account with the **Global Administrator** role is required to register an app and grant admin consent in Microsoft Azure. ::: -Before you begin, make sure you have: -- Access to the Azure portal -- Permissions to create app registrations -- Permissions to grant admin consent for your tenant - If you already have an application registered for Activity Monitor for Entra ID, SharePoint Online, or Exchange Online, you can reuse that registration for Azure Files by assigning additional RBAC roles.