Azure Active Directory - Credential Expiry Event documentation

azure_active_directory/README.md

@@ -56,6 +56,21 @@ This includes the following:
 
 Azure Active Directory does not include any metrics.
 
+### Events
+
+Datadog sends credential expiry events, which grant visibility into credential expirations for Azure app registrations, Key Vault keys, Key Vault secrets, and Key Vault certificates. The Azure Active Directory integration must be installed to receive events for Azure App Registrations.
+
+
+- **Expiration events** are sent 60, 30, 15, and 1 day(s) before credential expiration, and once after expiration.
+- **Missing permission events** are sent every 15 days. A missing permission event lists the Key Vaults for which Datadog has not been given permissions. If no changes have been made regarding Key Vault permissions in the previous 15-day cycle, the event notification is not sent again.
+
+You can view these events in [Event Explorer][5].
+
+**Notes**: 
+
+- To collect Azure app registration expiration events, [enable access to the Microsoft Graph API][6].
+- If a certificate and its associated key and secret expire at the exact same time, one expiration event is sent for all resources.
+
 ## Troubleshooting
 
 Need help? Contact [Datadog support][4].
@@ -64,3 +79,5 @@ Need help? Contact [Datadog support][4].
 [2]: https://docs.datadoghq.com/logs/guide/azure-logging-guide/
 [3]: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub
 [4]: https://docs.datadoghq.com/help
+[5]: https://app.datadoghq.com/event/explorer
+[6]: https://docs.datadoghq.com/integrations/guide/azure-graph-api-permissions/