Introducing Azure Log Analytics and Azure Event Grid Integration

To further strengthen security, scalability, and integration capabilities, we are introducing an important update to Delegate365’s audit logging architecture. These changes will take effect starting April 7th and provide customers with a more standardized, future‑proof approach to audit logging and log processing. This article explains what is changing, why it matters, and what actions are required.

Upgrade Summary – Audit Logging changes

Tasks at a glance:

  1. The new audit logging system replaces the previous logging to Azure Storage Account tables.
  2. Log modules are renamed as part of the transition. Modules that are no longer used are removed or renamed with the suffix “(Legacy)”
  3. Customers are asked to contact us to schedule the upgrade.
  4. A one‑time setup must be completed by the customer to activate the new logging.
  5. Existing permissions remain unchanged and continue to control access to the corresponding log modules.
  6. The new audit logs can optionally be sent to a customer‑owned Azure Event Grid for further processing, integration with SIEM solutions, or other downstream systems.

If you’d like to learn more, continue reading here:

Why we are changing our audit logging architecture

Audit logging is a critical foundation for governance, security, and compliance. Over time, customer expectations have shifted toward:

  • Standardized logging formats
  • Centralized log analysis
  • Seamless integration with SIEM and monitoring platforms
  • Flexible downstream processing of audit events

To meet these needs, Delegate365 now aligns its audit logging with Azure-native best practices by moving to Azure Log Analytics and introducing Azure Event Grid integration.

Change #1: Audit logs are now internally stored in Azure Log Analytics

Delegate365 previously stored audit logs in an Azure Storage Account (Table Storage). Administrators have full access to the Storage Account and all stored tables. Audit data is retained without an automatic expiration. However, to standardize logging and take advantage of Azure’s built‑in logging, analytics, and automatic retention capabilities, we have moved to Azure’s native logging mechanism. With this update:

  • Delegate365 Audit logs are now written to Azure Log Analytics
  • 90 days of audit log retention are available by default
  • Logs follow a standardized process, enabling faster analysis
  • Module Logs will be updated as here

Delegate365 Log Menu

What this means in Delegate365:

  • As part of this update, modules that are no longer in active use have been renamed by appending “(Legacy)” to their original names, and the new modules are named Audit Log.
  • Features that are no longer relevant have been deactivated or removed.
  • The new modules - identified by their names without the (Legacy) suffix - fully replace the previous ones.
  • Existing permission policies remain unchanged and now apply to the new modules automatically.
  • For example, if an administrator previously had access to Quick Audit, they will now have the same level of access to the new Audit Logs module, without any additional configuration.

Delegate365 Logging

Transition period: To ensure a smooth migration:

  • As part of the transition, Customers may contact us to coordinate a suitable upgrade window and complete the required setup.
  • Once the setup is finalized, the new audit logging is active
  • The existing Azure Storage Account tables logs (per month and per year) remains accessible until end of September 2026 (6 months)
  • After this transition period, legacy audit log data will be deleted
  • No historical data is lost immediately; customers have ample time to export or archive the legacy audit log data if needed

Benefits for customers:

  • Standardized logging aligned with Azure Monitor and the logging features
  • Improved performance and scalability
  • Automatic retention of log data
  • Optional integration into their SIEM systems

Azure Log Analytics is the recommended Microsoft platform for operational and security logs—and Delegate365 now benefits fully from this ecosystem.

Change #2: Optional forwarding of audit logs to Azure Event Grid

New capability: Send audit logs to your own systems:

In addition to the existing Extensibility feature, Delegate365 now allows you to publish the full audit log events to your own Azure Event Grid, hosted in your Azure subscription. Once enabled, all audit events can be forwarded for further processing.

How it works:

  • You configure an Azure Event Grid endpoint in your tenant
  • Provide the endpoint URL and access key in Delegate365 and enable the setting
  • Delegate365 publishes audit log events to your Event Grid

Delegate365 Audit Log Sync

From there, events can be routed to:

  • SIEM solutions (e.g. Microsoft Sentinel)
  • Log pipelines
  • Data lakes
  • Custom processing or alerting systems

Note: You send the full audit log stream - this is new. Additionally - if you are eventually only interested in specific events in Delegate365 - forward only these events - as before, see here. This gives you full control over how Delegate365 audit data is consumed and processed.

Benefits for customers:

  • Additional full log data ownership on the customer side
  • Integration with SIEM and monitoring tools
  • Decoupled and scalable architecture
  • Easier compliance and security automation

This integration makes Delegate365 audit logging a first‑class citizen in your existing security and monitoring landscape.

What action is required?

To activate these enhancements:

  • An upgrade and a new setup step is required.
  • The upgrade will be performed at an agreed time, after which the setup must be completed by a Global Administrator of your Microsoft 365 tenant.
  • After 6 months: Old audit log data (all tables storage) in the Delegate365 Azure Storage Account is deleted automatically. The storage account will still being used for temporary files like reports.

Summary

With this update, Delegate365 delivers a modern, standardized, and extensible audit logging solution:

  • Azure Log Analytics for faster access to Delegate365 audit logs
  • Azure Event Grid integration for downstream processing

These changes ensure that Delegate365 audit logs integrate seamlessly into modern Azure and SIEM architectures today and in the future. If you have questions or need assistance with the setup, our team is happy to help.