How to enable API access to Microsoft Entra ID (AzureAD)?

This guide provides step-by-step instructions to enable audit log access in Microsoft Entra ID, formerly Azure Active Directory (AzureAD).

Click on Microsoft Entra ID on the left sidebar
Under Manage click App registrations
Then click + New registration.
Enter a name for your application.
Set Supported account types based on your requirements.
For Redirect URI, you can leave it empty
Click Register at the bottom.
After the application is registered, you will be redirected to the application's overview page.

Copy the Application (client) ID. This is your CLIENT_ID.
On the same overview page, you will find the Directory (tenant) ID. Copy this value as your TENANT_ID.

Click on Certificates & secrets
Then under the Client secrets tab click + New client secret.
Provide a description for the client secret and set an expiration period.
Click Add.
After creating the client secret, copy the value immediately. This is your CLIENT_SECRET. Note: You won’t be able to copy this secret later, so save it securely.

On the left sidebar go to API permissions > Add a permission.
Select Microsoft Graph.
Add delegated permissions: Choose Delegated permissions or Application permissions based on your app's requirements.
For accessing logs, you need permissions like:
- AuditLog.Read.All
- Directory.Read.All
- Reports.Read.All
After adding the necessary permissions, click Grant admin consent to allow the application to use these permissions.