I am having an issue where we setup an EventHub to pass information to InsightIDR but are getting a limited set of data. Meaning I only see things like ADSync and some user changes like user added to groups and users password change. Nothing showing like an application sign on or anything related to Defender. I feel like we’ve got to do more than just what the instructions state. What am I missing?
Are you following the steps in this article?
https://docs.rapid7.com/insightidr/microsoft-azure
Because we get all of our Azure logs…