How to enable API access to Microsoft Entra ID (AzureAD)?

This guide provides step-by-step instructions to enable audit log access in Microsoft Entra ID, formerly Azure Active Directory (AzureAD).

Azure Portal: Click on Microsoft Entra ID -> Manage on the left sidebar
-or-
Microsoft Entra admin center: Click Identity -> Applications on the left sidebar
Click App registrations
Then click + New registration.
Enter a name for your application, e.g. EventSentry or EventSentry Log Download
Set Supported account types based on your requirements ("Single Tenant" by default)
"Redirect URI" can be left empty
Click Register at the bottom.
After the application is registered, you will be redirected to the application's overview page.

Copy the Application (client) ID. This is your CLIENT_ID.
On the same overview page, you will find the Directory (tenant) ID. Copy this value as your TENANT_ID.

Click on Certificates & secrets
Then under the Client secrets tab click + New client secret.
Provide a description for the client secret (e.g. "EventSentry" or "EventSentry Log Download") and set an expiration period. Setting a short expiration period is more secure but will require you to create new secrets when the credentials have expired.
Click Add.
IMPORTANT: After creating the client secret, copy the Value immediately. This is your CLIENT_SECRET. Note: You won’t be able to copy this secret later, so save it securely.

On the left sidebar go to API permissions > Add a permission.
Select Microsoft Graph.
Add delegated permissions: Choose Delegated permissions or Application permissions based on your app's requirements. "Application Permissions" are recommended for most cases.
For accessing logs, you need permissions like:
- AuditLog.Read.All
- Directory.Read.All
- Reports.Read.All
After adding the necessary permissions, click Grant admin consent to allow the application to use these permissions.