Docs: Update with new API permission requirement supporting BED-7248: Entra ID User Last Logon Timestamp AZUser Node Property

[Mayyhem]

The AuditLog.Read.All permission is required to collect the signInActivity property from the users endpoint.

PRs have been submitted to AzureHound and BloodHound to collect and display LastSuccessfulSignInDateTime if the user running AzureHound has this permission, otherwise resubmit the request without selecting this property.

AzureHound: SpecterOps/AzureHound#163
BloodHound: SpecterOps/BloodHound#2307

Summary by CodeRabbit

• Documentation
  • Updated Azure configuration installation guide to include an optional AuditLog.Read.All permission step for collecting additional user activity data, with corresponding UI updates and adjusted step numbering throughout the section.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR updates the Azure configuration documentation by introducing an optional step to enable the AuditLog.Read.All permission, which allows collection of AZUser.LastSuccessfulSignInDateTime data. Subsequent steps are renumbered to reflect this addition.

Changes

Cohort / File(s)	Summary
Azure Configuration Documentation docs/install-data-collector/install-azurehound/azure-configuration.mdx	Added optional step for enabling AuditLog.Read.All permission with UI snippet; renumbered subsequent steps in the "Grant Microsoft Graph Permissions" section

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• Updated Entra ID and Azure configuration guide #50 — Modifies the same Azure configuration permissions flow by adjusting Microsoft Graph application permissions

Suggested labels

documentation

Suggested reviewers

• StephenHinck

Poem

🐰 A hop, a skip, through docs so bright,
New permissions dance into the light,
AuditLog reads what we seek to find,
Each numbered step perfectly aligned! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: updating documentation to reflect a new API permission requirement (AuditLog.Read.All) needed for collecting user last logon timestamps in AZUser nodes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[zinic]

lgtm

[jeff-matthews]

Thanks for the PR @Mayyhem! This is a good reminder for me to create a release branch for 8.6.0. I'll do that and merge this PR into it along with all other release-related doc PRs.