diff --git a/source/_static/js/redirects.js b/source/_static/js/redirects.js
index 00be37c7aa..ee884a6cac 100644
--- a/source/_static/js/redirects.js
+++ b/source/_static/js/redirects.js
@@ -218,6 +218,26 @@ redirections.push(
     '4.8': '/migration-guide/files-backup/restoring/wazuh-central-components.html',
     '4.9': '/migration-guide/restoring/wazuh-central-components.html',
   },
+  {
+    'target': ['4.8=>4.9', '4.9=>4.8'],
+    '4.8': '/cloud-security/azure/activity-services/entra/graph.html',
+    '4.9': '/cloud-security/azure/graph.html',
+  },
+  {
+    'target': ['4.8=>4.9', '4.9=>4.8'],
+    '4.8': '/cloud-security/azure/activity-services/entra/index.html',
+    '4.9': '/cloud-security/azure/graph.html#microsoft-entra-id-use-case',
+  },
+  {
+    'target': ['4.8=>4.9'],
+    '4.8': '/cloud-security/azure/activity-services/index.html',
+    '4.9': '/cloud-security/azure/index.html',
+  },
+  {
+    'target': ['4.8=>4.9'],
+    '4.8': '/cloud-security/azure/activity-services/prerequisites/considerations.html',
+    '4.9': '/cloud-security/azure/platform-and-services.html#prerequisites',
+  },
 );
 
 /* Pages added in 4.9 */
@@ -258,6 +278,8 @@ newUrls['4.9'] = [
   '/migration-guide/restoring/wazuh-central-components.html',
   '/cloud-security/amazon/services/prerequisites/aws-policy.html',
   '/cloud-security/amazon/services/prerequisites/iam-identities.html',
+  '/cloud-security/azure/graph.html',
+  '/cloud-security/azure/platform-and-services.html',
 ];
 
 /* Pages no longer available in 4.9 */
@@ -302,6 +324,10 @@ removedUrls['4.9'] = [
   '/migration-guide/files-backup/restoring/index.html',
   '/migration-guide/files-backup/restoring/wazuh-agent.html',
   '/migration-guide/files-backup/restoring/wazuh-central-components.html',
+  '/cloud-security/azure/activity-services/entra/graph.html',
+  '/cloud-security/azure/activity-services/entra/index.html',
+  '/cloud-security/azure/activity-services/index.html',
+  '/cloud-security/azure/activity-services/prerequisites/considerations.html',
 ];
 
 /* *** RELEASE 4.8 ****/
diff --git a/source/_templates/cloud/notes.rst b/source/_templates/cloud/notes.rst
index 6e1d3957f4..5be637359e 100644
--- a/source/_templates/cloud/notes.rst
+++ b/source/_templates/cloud/notes.rst
@@ -1,6 +1,6 @@
 .. Copyright (C) 2015 Wazuh, Inc.
 
-You can configure the integration with |service| either in the Wazuh manager or in a Wazuh agent. This choice depends solely on how you access your |service| infrastructure in your environment.
+You can configure the Wazuh module for |service| either in the Wazuh manager or in a Wazuh agent. This choice depends solely on how you access your |service| infrastructure in your environment.
 
 You only need to install dependencies when configuring the integration with |service| in a Wazuh agent. The Wazuh manager already includes all the necessary dependencies.
 
diff --git a/source/_templates/cloud/pip_installation.rst b/source/_templates/cloud/pip_installation.rst
index 36c0ee6dae..e6e935c1be 100644
--- a/source/_templates/cloud/pip_installation.rst
+++ b/source/_templates/cloud/pip_installation.rst
@@ -51,5 +51,4 @@ If your pip version is less than 19.3, run the following command to upgrade the
 
          To prevent the modification, you can run ``pip3 install --upgrade pip`` within a virtual environment. You must update the shebang of the |module_script| Python script with the interpreter in your virtual environment. For example, ``#!/path/to/your/virtual/environment/bin/python3``.
 
-
 .. End of include file
diff --git a/source/_templates/cloud/python_installation.rst b/source/_templates/cloud/python_installation.rst
index 588734ca7a..3460d454b4 100644
--- a/source/_templates/cloud/python_installation.rst
+++ b/source/_templates/cloud/python_installation.rst
@@ -1,6 +1,6 @@
 .. Copyright (C) 2015 Wazuh, Inc.
 
-The Wazuh module for |service| requires `Python 3 <https://www.python.org/downloads/>`__. Specifically, it's compatible with Python |py_cloud_cont_min|–|py_cloud_cont_max|. While later Python versions should work as well, we can't assure they are compatible. If you do not have Python 3 already installed, run the following command to install it on the endpoint where the Wazuh agent is installed.
+The Wazuh module for |service| is compatible with Python |py_cloud_cont_min|–|py_cloud_cont_max|. While later `Python versions <https://www.python.org/downloads/>`__ should work as well, we can't assure they are compatible. If you do not have Python 3 already installed, run the following command on your monitored endpoint.
 
 .. tabs::
 
diff --git a/source/cloud-security/azure/activity-services/entra/graph.rst b/source/cloud-security/azure/activity-services/entra/graph.rst
deleted file mode 100644
index b0eacca5f6..0000000000
--- a/source/cloud-security/azure/activity-services/entra/graph.rst
+++ /dev/null
@@ -1,200 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-  :description: Learn how the Wazuh Azure module works in conjunction with the Microsoft Graph REST API in this section of the documentation.
-
-.. _azure_graph:
-
-Using Microsoft Graph
-=====================
-
-Learn how to configure an application from the Microsoft Azure portal to be able to use the `Microsoft Graph REST API`. In this section you will find:
-
-- `Azure configuration`_
-- `Wazuh configuration`_
-- `Microsoft Graph use case`_
-
-In order to know how the Wazuh Azure module works in conjunction with the `Microsoft Graph REST API`, it is important to understand first what are the Microsoft Entra ID activity reports and what kind of information they provide. Wazuh can process the logs from the following Microsoft Entra ID activity reports, each one of them requiring a different query to be executed:
-
-+---------------------------------------------------------------------------------------------------------------------------+-------------------------------+
-| **Report type**                                                                                                           | **Query**                     |
-+---------------------------------------------------------------------------------------------------------------------------+-------------------------------+
-| `Directory audits <https://docs.microsoft.com/en-us/graph/api/directoryaudit-list?view=graph-rest-1.0&tabs=http>`_        | ``auditLogs/directoryaudits`` |
-+---------------------------------------------------------------------------------------------------------------------------+-------------------------------+
-| `Sign-ins <https://docs.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http>`_                        | ``auditLogs/signIns``         |
-+---------------------------------------------------------------------------------------------------------------------------+-------------------------------+
-| `Provisioning <https://docs.microsoft.com/en-us/graph/api/provisioningobjectsummary-list?view=graph-rest-1.0&tabs=http>`_ | ``auditLogs/provisioning``    |
-+---------------------------------------------------------------------------------------------------------------------------+-------------------------------+
-
-
-Azure configuration
--------------------
-
-Creating the application
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-This section explains the creation of an application that will use the Azure Log Analytics REST API. It is also possible to configure an existing application. If this is the case, skip this step.
-
-In the **Microsoft Entra ID** panel, select the option **App registrations**. Then, select **New registration**.
-
-.. thumbnail:: /images/cloud-security/azure/graph-1.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-Giving permissions to the application
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-#. Go to the **Overview** section and save the **Application (client) ID** for later authentication.
-
-    .. thumbnail:: /images/cloud-security/azure/graph-2.png
-        :title: AAD
-        :align: center
-        :width: 75%
-
-#. Go to the **API permissions** section and select the **Add a permission** option.
-
-    .. thumbnail:: /images/cloud-security/azure/graph-3.png
-        :title: AAD
-        :align: center
-        :width: 100%
-
-#. Select the API by searching for "Microsoft Graph".
-
-    .. thumbnail:: /images/cloud-security/azure/graph-4.png
-        :title: AAD
-        :align: center
-        :width: 100%
-
-#. Select the permissions in **Applications permissions** that adapt to our infrastructure. In this case, **AuditLog** permissions will be granted. Then, click **Add permissions**.
-
-    .. thumbnail:: /images/cloud-security/azure/graph-5.png
-        :title: AAD
-        :align: center
-        :width: 100%
-
-#. Grant admin consent for the tenant domain used for the permission added in the previous step. This must be done by an admin user.
-
-    .. thumbnail:: /images/cloud-security/azure/graph-6.png
-        :title: AAD
-        :align: center
-        :width: 100%
-
-    .. thumbnail:: /images/cloud-security/azure/graph-7.png
-        :title: AAD
-        :align: center
-        :width: 100%
-
-Obtaining the application key for authentication
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Select **Certificates & secrets** and fill in the **Description** and **Expires** fields. Copy the **value** once the key is saved. This is required to authenticate the application in order to use the Log Analytics API.
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-create-key.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-key-created.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-
-Wazuh configuration
--------------------
-
-azure-logs module configuration
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Proceed with configuring the ``azure-logs`` module in the local configuration (``ossec.conf``). The `key and ID of the application` saved during the previous steps will be used here. In this case, both fields were saved in a `file` for authentication.
-
-Here is an example of how to get the audit log of the Microsoft Entra ID using Microsoft Graph. This example configuration includes a representative ``tag`` and is scheduled for every Monday at 02:00, using an offset of one day, which means only the log data from the last day is parsed:
-
-.. code-block:: xml
-
-    <wodle name="azure-logs">
-
-        <disabled>no</disabled>
-        <wday>Monday</wday>
-        <time>2:00</time>
-        <run_on_start>no</run_on_start>
-
-        <graph>
-
-            <auth_path>/var/ossec/wodles/azure/credentials</auth_path>
-            <tenantdomain>wazuh.onmicrosoft.com</tenantdomain>
-
-            <request>
-                <tag>microsoft-entra_id</tag>
-                <query>auditLogs/directoryAudits</query>
-                <time_offset>1d</time_offset>
-            </request>
-
-        </graph>
-
-    </wodle>
-
-Check the :doc:`azure-logs </user-manual/reference/ossec-conf/wodle-azure-logs>` module reference for more information about how to use the different parameters available.
-
-.. note:: If an authentication file is used, as in this example, its content must follow the format ``field = value``. Here is an example of this format:
-
-  .. code-block:: none
-
-    application_id = 317...764
-    application_key = wUj...9cj
-
-.. warning:: The field ``tenantdomain`` is mandatory. It can be obtained from the **Overview** section in Microsoft Entra ID.
-
-Microsoft Graph use case
-------------------------
-
-Here is an example of monitoring Microsoft Entra ID activity using the configuration described above.
-
-Wazuh Rules
-^^^^^^^^^^^
-
-In this example, the records are in ``.json`` format. The following rules are already included in Wazuh which means alerts will be generated for the logs in this example.
-
-.. code-block:: xml
-
-    <rule id="87802" level="3">
-        <decoded_as>json</decoded_as>
-        <field name="azure_tag">azure-ad-graph</field>
-        <description>Azure: AD $(activity)</description>
-    </rule>
-
-Create a new user
-^^^^^^^^^^^^^^^^^
-
-Create a new user in Azure. If the creation is successful, a log will be written to reflect it. This log can be retrieved using the ``auditLogs/directoryAudits`` query.
-
-.. thumbnail:: /images/cloud-security/azure/new-user.png
-    :title: AAD
-    :align: center
-    :width: 100%
-
-Azure portal visualization
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The resulting log from the user creation can be checked in the **Audit logs** section of Microsoft Entra ID.
-
-.. thumbnail:: /images/cloud-security/azure/portal-services.png
-    :title: AAD
-    :align: center
-    :width: 100%
-
-Wazuh dashboard visualization
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Once the integration is running, the results will be available in the Wazuh dashboard.
-
-.. thumbnail:: /images/cloud-security/azure/kibana-services-1.png
-    :title: AAD
-    :align: center
-    :width: 90%
-
-.. thumbnail:: /images/cloud-security/azure/kibana-services-2.png
-    :title: AAD
-    :align: center
-    :width: 80%
diff --git a/source/cloud-security/azure/activity-services/entra/index.rst b/source/cloud-security/azure/activity-services/entra/index.rst
deleted file mode 100644
index 7b20f5f576..0000000000
--- a/source/cloud-security/azure/activity-services/entra/index.rst
+++ /dev/null
@@ -1,26 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-  :description: Discover the tools Wazuh provides to monitor Microsoft Entra ID in this section of the documentation.
-
-.. _azure_monitoring_services:
-
-Monitoring Microsoft Entra ID
-=============================
-
-`Microsoft Entra ID <https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis>`_ is the identity and directory management service that combines basic directory services, application access management, and identity protection in a single solution. The Wazuh ``azure-logs`` module requires dependencies to work as well as the right credentials to access the logs. Take a look at the :doc:`prerequisites </cloud-security/azure/activity-services/prerequisites/index>` section before proceeding. 
-
-.. thumbnail:: /images/cloud-security/azure/aad-graph-intro.png
-    :title: AAD
-    :align: center
-    :width: 100%
-
-Wazuh is able to monitor the Microsoft Entra ID (ME-ID) service using the Activity reports provided by the `Microsoft Graph REST API <https://docs.microsoft.com/en-us/graph/overview>`_. Microsoft Entra ID applications can make use of the Microsoft Graph API to perform read operations on directory data and objects.
-
-
-.. topic:: Contents
-
-    .. toctree::
-       :maxdepth: 2
-
-       graph
\ No newline at end of file
diff --git a/source/cloud-security/azure/activity-services/index.rst b/source/cloud-security/azure/activity-services/index.rst
deleted file mode 100644
index c39c7bca20..0000000000
--- a/source/cloud-security/azure/activity-services/index.rst
+++ /dev/null
@@ -1,27 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-  :description: Discover how Wazuh can help you to monitor your Microsoft Azure activity and services in this section of our documentation.
-
-.. _azure_activity_services:
-
-Monitoring activity and services
-================================
-
-The Wazuh ``azure-logs`` module for Azure provides capabilities to monitor all the activity and the services of our infrastructure.
-
-From a wider perspective, the Microsoft Azure infrastructure resources can be divided into three types of logs:
-
-- `Activity logs` keep track of the operations performed on a resource from outside of the infrastructure.
-- `Resource logs`, previously known as `Diagnostic logs`, provide insight into the operations performed within an Azure resource.
-- `Microsoft Entra ID logs` contain the history of sign-in activity and audit information about the changes made to Microsoft Entra ID for a given tenant domain.
-
-
-.. topic:: Contents
-
-   .. toctree::
-      :maxdepth: 2
-
-      prerequisites/index
-      services/index
-      entra/index
diff --git a/source/cloud-security/azure/activity-services/prerequisites/considerations.rst b/source/cloud-security/azure/activity-services/prerequisites/considerations.rst
deleted file mode 100644
index 06334744f5..0000000000
--- a/source/cloud-security/azure/activity-services/prerequisites/considerations.rst
+++ /dev/null
@@ -1,99 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-  :description: Learn considerations for configuring multiple services with the Wazuh Azure module in this section of the Wazuh documentation.
-
-.. _azure_considerations:
-
-Considerations for configuration
-================================
-
-Reparse
--------
-
-.. warning::
-
-   Using the ``reparse`` option will fetch and process all the logs from the starting date until the present. This process may generate duplicate alerts.
-
-To fetch and process older logs, you need to manually run the module using the ``--reparse`` option.
-
-The ``la_time_offset`` value sets the time as an offset for the starting point. If you don't provide an ``la_time_offset`` value, the module goes back to the date of the first file processed.
-
-Find an example of running the module on a manager using the ``--reparse`` option. ``/var/ossec`` is the Wazuh installation path.
-
-.. code-block:: console
-
-  # /var/ossec/wodles/azure/azure-logs --log_analytics --la_auth_path credentials_example --la_tenant_domain 'wazuh.example.domain' --la_tag azure-activity --la_query "AzureActivity" --workspace example-workspace --la_time_offset 50d --debug 2 --reparse
-
-The ``--debug 2`` parameter gets a verbose output. This is useful to show the script is working, specially when handling a large amount of data.
-
-
-Configuring multiple services
------------------------------
-
-It is possible to add more than one ``request`` block at the same time in the same configuration. Each request will be processed sequentially. Here is an example configuration:
-
-.. code-block:: xml
-
-    <wodle name="azure-logs">
-        <disabled>no</disabled>
-        <run_on_start>yes</run_on_start>
-
-        <log_analytics>
-            <auth_path>/var/ossec/wodles/credentials/log_analytics_credentials</auth_path>
-            <tenantdomain>wazuh.onmicrosoft.com</tenantdomain>
-
-            <request>
-                <tag>azure-activity</tag>
-                <query>AzureActivity | where SubscriptionId == 2d7...61d </query>
-                <workspace>d6b...efa</workspace>
-                <time_offset>36h</time_offset>
-            </request>
-
-            <request>
-                <tag>azure-activity</tag>
-                <query>AzureActivity | where SubscriptionId == 3f5...21g </query>
-                <workspace>d6b...efa</workspace>
-                <time_offset>2d</time_offset>
-            </request>
-
-        </log_analytics>
-
-        <graph>
-            <auth_path>/var/ossec/wodles/credentials/graph_credentials</auth_path>
-            <tenantdomain>wazuh.onmicrosoft.com</tenantdomain>
-
-            <request>
-                <tag>microsoft-entra_id-1</tag>
-                <query>auditLogs/directoryAudits</query>
-                <time_offset>1d</time_offset>
-            </request>
-
-            <request>
-                <tag>microsoft-entra_id-2</tag>
-                <query>auditLogs/directoryAudits</query>
-                <time_offset>1d</time_offset>
-            </request>
-
-        </graph>
-
-        <storage>
-            <auth_path>/var/ossec/wodles/credentials/storage_credentials</auth_path>
-            <tag>azure-activity</tag>
-
-            <container name="insights-operational-logs">
-                <blobs>.json</blobs>
-                <content_type>json_inline</content_type>
-                <time_offset>24h</time_offset>
-                <path>info-logs</path>
-            </container>
-
-            <container name="insights-operational-logs">
-                <blobs>.txt</blobs>
-                <content_type>json_inline</content_type>
-                <time_offset>24h</time_offset>
-                <path>info-logs</path>
-            </container>
-
-        </storage>
-    </wodle>
\ No newline at end of file
diff --git a/source/cloud-security/azure/activity-services/prerequisites/credentials.rst b/source/cloud-security/azure/activity-services/prerequisites/credentials.rst
deleted file mode 100644
index 2e676aa39e..0000000000
--- a/source/cloud-security/azure/activity-services/prerequisites/credentials.rst
+++ /dev/null
@@ -1,182 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-  :description: Learn what you need to provide access credentials to the Wazuh Azure module so it can successfully connect to Azure in this section of the Wazuh documentation.
-
-Configuring Azure credentials
-=============================
-
-It is necessary to provide access credentials to the Wazuh Azure module so it can successfully connect to Azure. The credentials required vary depending on the type of monitoring.
-
-
-.. _graph_and_log_analytics_credentials:
-
-Getting access credentials for Microsoft Graph and Log Analytics
-----------------------------------------------------------------
-For :doc:`Microsoft Graph </cloud-security/azure/activity-services/entra/graph>` and :doc:`Log Analytics </cloud-security/azure/activity-services/services/log-analytics>` valid ``application_id`` and ``application_key`` values are required. The necessary ``application_key`` value for a given **App Registration** in **Microsoft Entra ID** can be obtained from the **Certificates & secrets** section while the ``application_id`` can be obtained from the **Overview** section:
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-create-key.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-key-created.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-
-Getting access credentials for Storage
---------------------------------------
-:doc:`Azure Storage </cloud-security/azure/activity-services/services/storage>` requires valid ``account_name`` and ``account_key`` values. They can be obtained in the **Access keys** section of **Storage accounts**:
-
-.. thumbnail:: /images/cloud-security/azure/account-credentials.png
-    :title: Storage
-    :align: center
-    :width: 100%
-
-
-Authentication options
-----------------------
-
-There are two different ways to set up the Azure authentication:
-
-Using an authentication file
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-It is possible to store the credentials in a file for authentication as long as the file content follows the `field = value` format explained below.
-
-The fields expected to be present in the credentials file will change depending on the type of service or activity to be monitored.
-
-.. rubric:: Microsoft Graph and Log Analytics
-   :class: h5
-
-The file must contain only two lines, one for the application ID and another one for the application key obtained previously.
-
-.. code-block:: none
-
-   application_id = <YOUR_APPLICATION_ID>
-   application_key = <YOUR_APPLICATION_KEY>
-
-.. rubric:: Storage
-   :class: h5
-
-The file must contain only two lines, one for the account name and the other one for the account key obtained previously:
-
-.. code-block:: none
-
-   account_name = <YOUR_ACCOUNT_NAME>
-   account_key = <YOUR_ACCOUNT_KEY>
-
-
-Regardless of the service or activity to be monitored, the authentication file is always specified in the ``ossec.conf`` configuration file using the ``<auth_path>`` tag. Take a look at the following example:
-
-.. code-block:: none
-   :emphasize-lines: 6, 17, 27
-
-   <wodle name="azure-logs">
-     <disabled>no</disabled>
-     <run_on_start>yes</run_on_start>
-
-     <log_analytics>
-         <auth_path>/var/ossec/wodles/credentials/log_analytics_credentials</auth_path>
-
-         <tenantdomain>wazuh.onmicrosoft.com</tenantdomain>
-         <request>
-             <query>AzureActivity</query>
-             <workspace>d6b...efa</workspace>
-             <time_offset>1d</time_offset>
-         </request>
-     </log_analytics>
-
-     <graph>
-         <auth_path>/var/ossec/wodles/credentials/graph_credentials</auth_path>
-
-         <tenantdomain>wazuh.onmicrosoft.com</tenantdomain>
-         <request>
-             <query>auditLogs/directoryAudits</query>
-             <time_offset>1d</time_offset>
-         </request>
-     </graph>
-
-     <storage>
-         <auth_path>/var/ossec/wodles/credentials/storage_credentials</auth_path>
-
-         <container name="insights-operational-logs">
-             <blobs>.json</blobs>
-             <content_type>json_inline</content_type>
-             <time_offset>24h</time_offset>
-         </container>
-     </storage>
-   </wodle>
-
-
-Check the :doc:`azure-logs wodle </user-manual/reference/ossec-conf/wodle-azure-logs>` section from the ossec.conf reference page for more information about the ``<auth_path>`` and other available parameters.
-
-
-Inserting the credentials into the configuration
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. deprecated:: 4.4.0
-
-Another authentication option is to set up credentials by storing them directly into the Wazuh configuration file ``/var/ossec/etc/ossec.conf``, inside of the ``<graph>``, ``<log_analytics>`` and ``<storage>`` blocks on the module configuration.
-
-The tags to use are different depending on the type of service or activity to be monitored:
-
-.. rubric:: Microsoft Graph and Log Analytics
-   :class: h5
-
-.. code-block:: none
-   :emphasize-lines: 6, 7, 18, 19
-
-   <wodle name="azure-logs">
-     <disabled>no</disabled>
-     <run_on_start>yes</run_on_start>
-
-     <log_analytics>
-         <application_id>8b7...c14</application_id>
-         <application_key>w22...91x</application_key>
-
-         <tenantdomain>wazuh.onmicrosoft.com</tenantdomain>
-         <request>
-             <query>AzureActivity</query>
-             <workspace>d6b...efa</workspace>
-             <time_offset>1d</time_offset>
-         </request>
-     </log_analytics>
-
-     <graph>
-         <application_id>8b7...c14</application_id>
-         <application_key>w22...91x</application_key>
-
-         <tenantdomain>wazuh.onmicrosoft.com</tenantdomain>
-         <request>
-             <query>auditLogs/directoryAudits</query>
-             <time_offset>1d</time_offset>
-         </request>
-     </graph>
-   </wodle>
-
-.. rubric:: Storage
-   :class: h5
-
-.. code-block:: none
-   :emphasize-lines: 6, 7
-
-   <wodle name="azure-logs">
-     <disabled>no</disabled>
-     <run_on_start>yes</run_on_start>
-
-     <storage>
-         <account_name>exampleaccountname</account_name>
-         <account_key>w22...91x</account_key>
-
-         <container name="insights-operational-logs">
-             <blobs>.json</blobs>
-             <content_type>json_inline</content_type>
-             <time_offset>24h</time_offset>
-         </container>
-     </storage>
-   </wodle>
-
-Take a look at the :doc:`azure-logs wodle </user-manual/reference/ossec-conf/wodle-azure-logs>` entry from the ``ossec.conf`` reference page for more information about the parameters.
diff --git a/source/cloud-security/azure/activity-services/prerequisites/dependencies.rst b/source/cloud-security/azure/activity-services/prerequisites/dependencies.rst
deleted file mode 100644
index f6f22774f2..0000000000
--- a/source/cloud-security/azure/activity-services/prerequisites/dependencies.rst
+++ /dev/null
@@ -1,48 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-   :description: Learn about the required dependencies for using the AZURE integration in a Wazuh agent.
-
-Installing dependencies
-=======================
-
-.. |service| replace:: Azure
-
-.. include:: /_templates/cloud/notes.rst
-
-Python
-------
-
-.. |py_cloud_cont_min| replace:: |PYTHON_CLOUD_CONTAINERS_MIN|
-.. |py_cloud_cont_max| replace:: |PYTHON_CLOUD_CONTAINERS_MAX|
-
-.. include:: /_templates/cloud/python_installation.rst
-
-.. |module_script| replace:: ``/var/ossec/wodles/azure/azure-logs``
-
-.. include:: /_templates/cloud/pip_installation.rst
-
-Azure Storage client library for Python
----------------------------------------
-
-`Azure Storage Blobs client library <https://pypi.org/project/azure-storage-blob/>`_ is the official Python library for Microsoft's Azure Blob storage.
-
-To install the dependencies, execute the following command:
-
-.. tabs::
-
-   .. group-tab:: Python 3.8–3.10
-
-      .. code-block:: console
-
-         # pip3 install azure-storage-blob==12.20.0 azure-storage-common==2.1.0 azure-common==1.1.25 cryptography==3.3.2 cffi==1.14.4 pycparser==2.20 six==1.14.0 python-dateutil==2.8.1 requests==2.25.1 certifi==2022.12.07 chardet==3.0.4 idna==2.9 urllib3==1.26.18 SQLAlchemy==2.0.23 pytz==2020.1
-
-   .. group-tab:: Python 3.11–3.12
-
-      .. code-block:: console
-
-         # pip3 install --break-system-packages azure-storage-blob==12.20.0 azure-storage-common==2.1.0 azure-common==1.1.25 cryptography==3.3.2 cffi==1.14.4 pycparser==2.20 six==1.14.0 python-dateutil==2.8.1 requests==2.25.1 certifi==2022.12.07 chardet==3.0.4 idna==2.9 urllib3==1.26.18 SQLAlchemy==2.0.23 pytz==2020.1
-
-      .. note::
-
-         If you're using a virtual environment, remove the ``--break-system-packages`` parameter from the command above.
diff --git a/source/cloud-security/azure/activity-services/prerequisites/index.rst b/source/cloud-security/azure/activity-services/prerequisites/index.rst
deleted file mode 100644
index 2a80795276..0000000000
--- a/source/cloud-security/azure/activity-services/prerequisites/index.rst
+++ /dev/null
@@ -1,20 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-  :description: Learn what you need to install and configure the Wazuh module to monitor Azure activity and services in this section of the Wazuh documentation.
-
-.. _azure_prerequisites:
-
-Prerequisites
-=============
-
-Install the dependencies required by this module and set the credentials to access the service. Check the `Considerations for configuration` section to learn more about configuring multiple services. 
-
-.. topic:: Contents
-
-    .. toctree::
-       :maxdepth: 2
-
-       dependencies
-       credentials
-       considerations
diff --git a/source/cloud-security/azure/activity-services/services/index.rst b/source/cloud-security/azure/activity-services/services/index.rst
deleted file mode 100644
index bd4e1d6b3b..0000000000
--- a/source/cloud-security/azure/activity-services/services/index.rst
+++ /dev/null
@@ -1,23 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-  :description: The Azure Monitor Logs collects and organizes logs and performance data from monitored resources. Learn how to use Monitor Logs with Wazuh in this section. 
-
-.. _azure_monitoring_activity:
-
-Monitoring Azure platform and services
-======================================
-
-
-The `Azure Monitor Logs <https://docs.microsoft.com/en-us/azure/azure-monitor/logs/data-platform-logs>`_ collects and organizes logs and performance data from monitored resources, including Azure services, virtual machines, and applications. This insight can be sent to Wazuh using the `Azure Log Analytics REST API` or directly accessing the contents of an `Azure Storage` account. 
-
-This section explains the two ways to proceed, looking at the steps to follow in the Microsoft Azure portal and using the ``azure-logs`` module on the Wazuh manager. The Wazuh ``azure-logs`` module requires dependencies as well as the right credentials to access the logs. Take a look at the :doc:`prerequisites </cloud-security/azure/activity-services/prerequisites/index>` section before proceeding.
-
-
-.. topic:: Contents
-
-    .. toctree::
-       :maxdepth: 2
-
-       log-analytics
-       storage
\ No newline at end of file
diff --git a/source/cloud-security/azure/activity-services/services/log-analytics.rst b/source/cloud-security/azure/activity-services/services/log-analytics.rst
deleted file mode 100644
index 8ef3410276..0000000000
--- a/source/cloud-security/azure/activity-services/services/log-analytics.rst
+++ /dev/null
@@ -1,230 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-  :description: Azure Log Analytics is a service that monitors Azure infrastructures offering query capabilities. Learn how to use Log Analytics with Wazuh in this section.
-  
-.. _azure_log_analytics:
-
-Using Azure Log Analytics
-=========================
-
-`Azure Log Analytics <https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-overview>`_ is a service that monitors your infrastructure offering query capabilities that allow you to perform advanced searches specific to your data.
-
-The Log Analytics solution helps you to analyze and search the Azure activity log in all your Azure subscriptions, providing information about the operations performed with the resources of your subscriptions.
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-activity-send.png
-    :title: Microsoft Azure resources
-    :align: center
-    :width: 60%
-
-The data collected by Log Analytics can be consulted through the **Azure Log Analytics REST API**. The Azure Log Analytics API uses the Microsoft Entra ID authentication scheme.
-
-A qualified application or client is required to use the Azure Log Analytics REST API. This must be configured manually on the Microsoft Azure portal.
-
-- `Setting up the application`_
-- `Azure Log Analytics use case`_
-
-Setting up the application
----------------------------
-
-The process explained below details the creation of an application that will use the Azure Log Analytics REST API. It is also possible to configure an existing application. If this is the case, skip the **Creating the application** step.
-
-Creating the application
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-In the **Microsoft Entra ID** panel, select the option **App registrations**. Then, select **New registration**.
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-app-1.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-Giving permissions to the application
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-1. Go to the **Overview** section and save the **Application (client) ID** for later authentication.
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-app-2.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-2. Go to the **API permissions** section and add the required permissions to the application.
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-app-3.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-3. Search for the **Log Analytics API**.
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-app-4.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-4. Select the **Read Log Analytics data** permission from **Applications permissions**.
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-app-5.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-5. Grant admin consent for the tenant domain used for the permission added in the previous step. This must be done by an admin user.
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-app-6.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-
-Giving the application access to the Log Analytics API
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-#. Access **Log Analytics workspaces** and create a new workspace or choose an existing one.
-
-   .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace-1.png
-      :title: Log Analytics App
-      :align: center
-      :width: 100%
-
-#. In the **Overview** section, copy the ``Workspace Id`` value. The Wazuh configuration needs it to make requests to the API.
-
-   .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace-2.png
-      :title: Log Analytics App
-      :align: center
-      :width: 100%
-
-#. In the **Access control (IAM)** section, click **Add** and select **Add role assignment** to add the required role to the application.
-
-   .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace-3.png
-      :title: Log Analytics App
-      :align: center
-      :width: 100%
-
-#. In the **Role** tab, select the **Log Analytics Reader** role.
-
-   .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace-4.png
-      :title: Log Analytics App
-      :align: center
-      :width: 100%
-
-#. In the **Members** tab, select **User, group, or service principal** under **Assign access to**. Then, click **Select members** under **Members** and find the App registration created previously.
-
-   .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace-5.png
-      :title: Log Analytics App
-      :align: center
-      :width: 100%
-
-#. Click **Review + assign** to finish.
-
-Sending logs to the Workspace
------------------------------
-
-To collect logs and send them to the Log Analytics Workspace created in the previous steps, you need to create a **diagnostic setting**.
-
-#. Go back to **Microsoft Entra ID**, scroll down on the left menu bar, and select the **Diagnostic settings** section. Click on **Add diagnostic setting**.
-
-   .. thumbnail:: /images/cloud-security/azure/log-analytics-diagnostic-1.png
-      :title: Log Analytics App
-      :align: center
-      :width: 100%
-
-#. Choose the log categories you want to collect from, under **Logs Categories**. Check the **Send to Log Analytics workspace** option under **Destination details**. Select the Log Analytics Workspace you created in previous steps.
-
-   .. thumbnail:: /images/cloud-security/azure/log-analytics-diagnostic-2.png
-      :title: Log Analytics App
-      :align: center
-      :width: 100%
-
-#. Click on **Save**.
-
-Now, Azure Log Analytics can stream new logs in the selected categories to your workspace.
-
-Obtaining the application key for authentication
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Wazuh requires valid credentials to pull logs from Log Analytics. Take a look at the :ref:`credentials <graph_and_log_analytics_credentials>` section to learn how to generate a client secret so you can access the App registration.
-
-
-Azure Log Analytics use case
-----------------------------
-
-Here is an example of monitoring the activity of the infrastructure using the previously mentioned Azure application.
-
-Creating a user
-^^^^^^^^^^^^^^^
-
-An easy way to test this is to create a new user in Microsoft Entra ID. A few minutes after the creation of the user, a new log will be available for Log Analytics reflecting this change. The log can be checked using the ``AuditLogs`` query, by accessing **Log Analytics** and running the ``AuditLogs`` query.
-
-.. thumbnail:: /images/cloud-security/azure/log-analytics-new-user.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
-
-Wazuh configuration
-^^^^^^^^^^^^^^^^^^^
-
-Proceed with configuring the ``azure-logs`` module in the local configuration (``ossec.conf``). The `key and ID of the application` saved during the configuration of the application will be used here, as well as the `workspace ID`. In this case, both fields were saved in a `file` for authentication. Check the :doc:`credentials </cloud-security/azure/activity-services/prerequisites/credentials>` reference for more information about this topic.
-
-Through the following configuration, Wazuh is ready to search for any query accepted by Azure Log Analytics. This example configuration includes a representative ``tag`` and will be scheduled for every Monday at 02:00, using an offset of one day, which means only the log data from the last day will be parsed:
-
-.. code-block:: xml
-
-    <wodle name="azure-logs">
-        <disabled>no</disabled>
-        <run_on_start>no</run_on_start>
-
-        <log_analytics>
-            <auth_path>/var/ossec/wodles/credentials/log_analytics_credentials</auth_path>
-            <tenantdomain>wazuh.onmicrosoft.com</tenantdomain>
-
-            <request>
-                <tag>azure-auditlogs</tag>
-                <query>AuditLogs</query>
-                <workspace>d6b...efa</workspace>
-                <time_offset>1d</time_offset>
-            </request>
-
-        </log_analytics>
-    </wodle>
-
-Check the reference for more information about the :doc:`Azure module </user-manual/reference/ossec-conf/wodle-azure-logs>`.
-
-.. warning:: The field ``tenantdomain`` is mandatory. It can be obtained from the **Overview** section in Microsoft Entra ID.
-
-Wazuh Rules
-^^^^^^^^^^^
-
-The following rules are already included in Wazuh by default. With them, it it possible to monitor the infrastructure activity and get the related alerts.
-
-.. code-block:: xml
-
-    <rule id="87801" level="5">
-        <decoded_as>json</decoded_as>
-        <field name="azure_tag">azure-log-analytics</field>
-        <description>Azure: Log analytics</description>
-    </rule>
-
-    <rule id="87810" level="3">
-        <if_sid>87801</if_sid>
-        <field name="Type">AzureActivity</field>
-        <description>Azure: Log analytics activity</description>
-    </rule>
-
-    <rule id="87811" level="3">
-        <if_sid>87810</if_sid>
-        <field name="OperationName">\.+</field>
-        <description>Azure: Log analytics: $(OperationName)</description>
-    </rule>
-
-
-Alert visualization
-^^^^^^^^^^^^^^^^^^^
-
-Once the Wazuh configuration is set and the ``azure-logs`` module is running using the previous configuration, the event will be processed. The results can be checked in the Wazuh dashboard:
-
-.. thumbnail:: /images/cloud-security/azure/new-user-event.png
-    :title: Log Analytics App
-    :align: center
-    :width: 100%
diff --git a/source/cloud-security/azure/activity-services/services/storage.rst b/source/cloud-security/azure/activity-services/services/storage.rst
deleted file mode 100644
index ad01617a87..0000000000
--- a/source/cloud-security/azure/activity-services/services/storage.rst
+++ /dev/null
@@ -1,143 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-  :description: Azure Storage refers to the Microsoft Azure cloud storage solution. Learn how to use Azure Storage with Wazuh in this section of our documentation.
-
-.. _azure_storage:
-
-Using Azure Storage
-===================
-
-`Azure Storage <https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction>`_ refers to the Microsoft Azure cloud storage solution, a service that provides a massively scalable object store for data objects, a messaging store for reliable messaging, a file system service for the cloud, and a NoSQL store.
-
-.. thumbnail:: /images/cloud-security/azure/storage-activity-log.png
-    :title: Storage
-    :align: center
-    :width: 60%
-
-As an alternative to the Azure Log Analytics REST API, Wazuh offers the possibility to access Azure Storage accounts in a simple way. The activity logs of the Microsoft Azure infrastructure can be exported to the storage accounts.
-
-This section explains how to use the Azure portal to archive the Azure activity log in a storage account and how to configure the ``azure-logs`` module. A use case is included to show a practical example. 
-
-
-Configuring the Activity log export
------------------------------------
-
-#. Click **Activity log** in the **Monitor** service menu. You can type ``activity`` in the search bar to find the option.
-
-   .. thumbnail:: /images/cloud-security/azure/storage-activity-4.png
-       :title: Storage
-       :align: center
-       :width: 80%
-
-#. Click **Export Activity logs**.
-
-   .. thumbnail:: /images/cloud-security/azure/storage-activity-1.png
-       :title: Storage
-       :align: center
-       :width: 80%
-
-#. Click **Add diagnostic setting**.
-
-   .. thumbnail:: /images/cloud-security/azure/storage-activity-2.png
-       :title: Storage
-       :align: center
-       :width: 80%
-
-#. Configure the following settings and click **Save**.
-
-   -  Tick **Administrative** checkbox.
-   -  Tick the **Archive to a storage account** checkbox.
-   -  Select your **Subscription**.
-   -  Select your **Storage account**.
-
-   .. thumbnail:: /images/cloud-security/azure/storage-activity-3.png
-       :title: Storage
-       :align: center
-       :width: 80%
-
-Azure Storage use case
-----------------------
-
-This is a basic example of how to monitor the activity of the infrastructure. A new user will be created, resulting in an Azure Activity Log that will be exported to Storage if the Activity Log export was configured successfully.
-
-Creating a user
-^^^^^^^^^^^^^^^
-
-An easy way to test this configuration is to create a new user in Microsoft Entra ID. A few minutes after the creation of the user, a new log will be available in a container named **insights-logs-auditlogs** inside the Storage account specified when configuring the Activity log export.
-
-.. thumbnail:: /images/cloud-security/azure/storage-new-user-1.png
-    :title: Storage
-    :align: center
-    :width: 80%
-
-.. thumbnail:: /images/cloud-security/azure/storage-new-user-2.png
-    :title: Storage
-    :align: center
-    :width: 80%
-
-Wazuh configuration
-^^^^^^^^^^^^^^^^^^^
-
-Proceed to configure the ``azure-logs`` module in the local configuration (``ossec.conf``). It is important to set the **account_name** and **account_key** of the Storage account to authenticate. This information can be found in the **Access keys** section of **Storage accounts**. Check the :doc:`credentials </cloud-security/azure/activity-services/prerequisites/credentials>` reference for more information about the different authentication options available.
-
-.. thumbnail:: /images/cloud-security/azure/account-credentials.png
-    :title: Storage
-    :align: center
-    :width: 80%
-
-Applying the following configuration, the integration will be executed every day using a credentials file for authentication. The ``insights-logs-auditlogs`` container content will be processed, downloading every blob available with the ``.json`` extension from the last ``24 hours``. The content for these blobs is expected to be in ``json_inline`` format.
-
-.. code-block:: xml
-
-    <wodle name="azure-logs">
-
-        <disabled>no</disabled>
-        <interval>1d</interval>
-        <run_on_start>yes</run_on_start>
-
-        <storage>
-
-                <auth_path>/home/manager/Azure/storage_auth.txt</auth_path>
-                <tag>azure-activity</tag>
-
-                <container name="insights-logs-auditlogs">
-                    <blobs>.json</blobs>
-                    <content_type>json_inline</content_type>
-                    <time_offset>24h</time_offset>
-                </container>
-
-        </storage>
-    </wodle>
-
-Check the :doc:`Azure module </user-manual/reference/ossec-conf/wodle-azure-logs>` reference page to learn more about the parameters available and how to use them.
-
-Wazuh rules
-^^^^^^^^^^^
-
-Thanks to the following rules, already included in the default Wazuh ruleset, it is possible to monitor the infrastructure activity and obtain related alerts:
-
-.. code-block:: xml
-
-    <rule id="87803" level="3">
-        <decoded_as>json</decoded_as>
-        <field name="azure_tag">azure-storage</field>
-        <description>Azure: Storage</description>
-    </rule>
-
-    <rule id="87813" level="3">
-        <if_sid>87803</if_sid>
-        <field name="operationName">\.+</field>
-        <description>Azure: Storage: $(OperationName)</description>
-    </rule>
-
-
-Alert visualization
-^^^^^^^^^^^^^^^^^^^
-
-Once the Wazuh configuration is set and the ``azure-logs`` module is running using the previous configuration, the event from the user creation example exported to Storage will be processed. The results can be checked in the Wazuh dashboard. 
-
-.. thumbnail:: /images/cloud-security/azure/storage.png
-    :title: Storage
-    :align: center
-    :width: 80%
\ No newline at end of file
diff --git a/source/cloud-security/azure/graph.rst b/source/cloud-security/azure/graph.rst
new file mode 100644
index 0000000000..a6fef069c8
--- /dev/null
+++ b/source/cloud-security/azure/graph.rst
@@ -0,0 +1,226 @@
+.. Copyright (C) 2015, Wazuh, Inc.
+
+.. meta::
+   :description: In this section, you will learn how to monitor your Microsoft Entra ID activity using the Microsoft Graph REST API.
+
+Microsoft Graph
+===============
+
+In this section, you will learn how to monitor your Microsoft Entra ID activity using the Microsoft Graph REST API. This section contains:
+
+-  :ref:`Azure configuration <azure_configuration>`
+-  :ref:`Wazuh configuration <wazuh_configuration>`
+-  :ref:`Microsoft Entra ID use case <microsoft_entra_ID_use_case>`
+
+The following are endpoints in the Microsoft Graph REST API related to auditing and monitoring activities in Microsoft Entra ID.
+
++---------------------------------------------------------------------------------------------------------------------------+-------------------------------+
+| **Report type**                                                                                                           | **Query**                     |
++---------------------------------------------------------------------------------------------------------------------------+-------------------------------+
+| `Directory audits <https://docs.microsoft.com/en-us/graph/api/directoryaudit-list?view=graph-rest-1.0&tabs=http>`_        | ``auditLogs/directoryaudits`` |
++---------------------------------------------------------------------------------------------------------------------------+-------------------------------+
+| `Sign-ins <https://docs.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http>`_                        | ``auditLogs/signIns``         |
++---------------------------------------------------------------------------------------------------------------------------+-------------------------------+
+| `Provisioning <https://docs.microsoft.com/en-us/graph/api/provisioningobjectsummary-list?view=graph-rest-1.0&tabs=http>`_ | ``auditLogs/provisioning``    |
++---------------------------------------------------------------------------------------------------------------------------+-------------------------------+
+
+These endpoints allow administrators and developers to monitor and audit activities within Microsoft Entra ID for security, compliance, and operational purposes.
+
+Wazuh can process Microsoft Entra ID activity reports using the above endpoints. Each one of them requires you to execute a different query. You will place these queries within the command block of your Wazuh module for Azure :ref:`configuration <wazuh_configuration>`.
+
+Configuration
+-------------
+
+.. _azure_configuration:
+
+Azure
+^^^^^
+
+Creating the application
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+This section explains creating an application using the Azure Log Analytics REST API. However, it is also possible to configure an existing application. If this is the case, skip this step.
+
+#. In the **Microsoft Entra ID** panel, select **App registrations**. Then, select **New registration**.
+
+   .. thumbnail:: /images/cloud-security/azure/new-app-registration2.png
+      :align: center
+      :width: 80%
+
+#. Give the app a descriptive name, select the appropriate **account type**, and click **Register**.
+
+   .. thumbnail:: /images/cloud-security/azure/register-application.png
+      :align: center
+      :width: 80%
+
+The app is now registered.
+
+.. thumbnail:: /images/cloud-security/azure/app-registrations.png
+   :align: center
+   :width: 80%
+
+Granting permissions to the application
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+#. Click on the application, go to the **Overview** section, and save the **Application (client) ID** for later authentication.
+
+   .. thumbnail:: /images/cloud-security/azure/save-application-ID2.png
+      :align: center
+      :width: 80%
+
+#. Select the **Add a permission** option in the **API permissions** section.
+
+   .. thumbnail:: /images/cloud-security/azure/add-api-permission2.png
+      :align: center
+      :width: 80%
+
+#. Search for *"Microsoft Graph"* and select the API.
+
+   .. thumbnail:: /images/cloud-security/azure/select-microsoft-graph-api.png
+      :align: center
+      :width: 80%
+
+#. Select the permissions in **Applications permissions** that align with your infrastructure. In this case, ``AuditLog.Read.All`` permissions will be granted. Then, click **Add permissions**.
+
+   .. thumbnail:: /images/cloud-security/azure/add-api-permissions.png
+      :align: center
+      :width: 80%
+
+#. Use an admin user to **Grant admin consent** for the tenant.
+
+   .. thumbnail:: /images/cloud-security/azure/grant-admin-consent2.png
+      :align: center
+      :width: 80%
+
+Obtaining the application key for authentication
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To use the Log Analytics API to retrieve the logs, we must generate an application key to authenticate the Log Analytics API. Follow the steps below to generate the application key.
+
+#. Select **Certificates & secrets**, then select **New client secret** to generate a key.
+
+   .. thumbnail:: /images/cloud-security/azure/new-client-secret2.png
+      :align: center
+      :width: 80%
+
+#. Give an appropriate **description**, set a preferred duration for the key, and then click **Add**.
+
+   .. thumbnail:: /images/cloud-security/azure/add-client-secret2.png
+      :align: center
+      :width: 80%
+
+#. Copy the key **value**. This would be later used for authentication.
+
+   .. note::
+
+      Copy the key before exiting this page, as it will only be displayed once. If you do not copy it before exiting the page, you will have to generate a fresh key.
+
+   .. thumbnail:: /images/cloud-security/azure/copy-client-secret3.png
+      :align: center
+      :width: 80%
+
+.. _wazuh_configuration:
+
+Wazuh server or agent
+^^^^^^^^^^^^^^^^^^^^^
+
+You will use the ``key`` and ``ID`` of the application saved during the previous steps here. In this case, both fields were saved in a file for authentication. Check the :ref:`configure_azure_credentials` section for more information about this topic.
+
+#. Apply the following configuration to the local configuration file ``/var/ossec/etc/ossec.conf`` of the Wazuh server or agent. This will depend on where you configured the Wazuh module for Azure:
+
+   .. code-block:: xml
+      :emphasize-lines: 12
+
+      <wodle name="azure-logs">
+        <disabled>no</disabled>
+        <wday>Monday</wday>
+        <time>2:00</time>
+        <run_on_start>no</run_on_start>
+
+        <graph>
+          <auth_path>/var/ossec/wodles/azure/credentials</auth_path>
+          <tenantdomain>wazuh.com</tenantdomain>
+          <request>
+              <tag>microsoft-entra_id</tag>
+              <query>auditLogs/directoryAudits</query>
+              <time_offset>1d</time_offset>
+          </request>
+        </graph>
+
+      </wodle>
+
+   Where:
+
+   -  ``<auth_path>`` is the full path of where the workspace secret key is stored.
+   -  ``<tenantdomain>`` is the tenant domain name. You can obtain this from the **Overview** section in Microsoft Entra ID
+   -  ``<wday>`` is the day of the week scheduled for the scan
+   -  ``<query>`` is the path to where the audit logs are stored.
+   -  ``<time>`` is the time scheduled for the scan.
+   -  ``<time_offset>`` set to ``1d`` means that only the log data from the last day is parsed.
+
+#. Restart your Wazuh server or agent, depending on where you configured the Wazuh module for Azure.
+
+   Wazuh agent:
+
+   .. code-block:: console
+
+      # systemctl restart wazuh-agent
+
+   Wazuh server:
+
+   .. code-block:: console
+
+      # systemctl restart wazuh-manager
+
+Check the :doc:`Wazuh module for Azure </user-manual/reference/ossec-conf/wodle-azure-logs>` reference for more information about using the different available parameters. Please see the :ref:`wazuh_azure_authentication_file` section for guidance on how to set up credentials to monitor your Microsoft Entra ID.
+
+.. warning::
+
+   The field ``tenantdomain`` is mandatory. You can obtain it from the **Overview** section in **Microsoft Entra ID**.
+
+Use case
+^^^^^^^^
+
+.. _microsoft_entra_ID_use_case:
+
+Monitoring Microsoft Entra ID
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+`Microsoft Entra ID <https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis>`__ is the identity and directory management service that combines essential directory services, application access management, and identity protection in a single solution.
+
+Wazuh can monitor the Microsoft Entra ID (ME-ID) service using the activity reports provided by the `Microsoft Graph REST API <https://docs.microsoft.com/en-us/graph/overview>`__. Microsoft Graph API can perform read operations on directory data and objects on Microsoft Entra ID applications.
+
+.. thumbnail:: /images/cloud-security/azure/microsoft-entra-ID.png
+   :align: center
+   :width: 80%
+
+Here is an example of Microsoft Entra ID activity monitoring using the above configuration.
+
+Create a new user
+~~~~~~~~~~~~~~~~~
+
+Create a new user in Azure. A successful user creation activity will produce a log to reflect it. You can retrieve this log using the auditLogs/directoryAudits query.
+
+#. Navigate to **Users** > **All users**, select **New user** > **Create new user**.
+
+   .. thumbnail:: /images/cloud-security/azure/click-new-user.png
+      :align: center
+      :width: 80%
+
+#. Fill in the required details and click **Review + create**. The user is now created.
+
+You can check for the result of the successful user creation in the **Audit logs** section of **Microsoft Entra ID**.
+
+.. thumbnail:: /images/cloud-security/azure/user-creation-result.png
+   :align: center
+   :width: 80%
+
+Once the integration is running, the results will be available in the **Security Events** tab of the **Wazuh dashboard**.
+
+.. thumbnail:: /images/cloud-security/azure/ms-graph-results-in-wazuh-dashboard1.png
+   :align: center
+   :width: 80%
+
+.. thumbnail:: /images/cloud-security/azure/ms-graph-results-in-wazuh-dashboard2.png
+   :align: center
+   :width: 80%
diff --git a/source/cloud-security/azure/index.rst b/source/cloud-security/azure/index.rst
index 6177d439ed..34381409f3 100644
--- a/source/cloud-security/azure/index.rst
+++ b/source/cloud-security/azure/index.rst
@@ -1,22 +1,27 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
 .. meta::
-  :description: Learn more about how to use Wazuh to monitor Microsoft Azure infrastructures in this section of the Wazuh documentation. 
+   :description: This section provides instructions for monitoring Microsoft Azure infrastructures.
 
-Using Wazuh to monitor Microsoft Azure
-======================================
+Monitoring Microsoft Azure with Wazuh
+=====================================
 
-This section provides instructions for monitoring `Microsoft Azure` infrastructures, such as:
+Microsoft Azure is a cloud computing platform by Microsoft that offers a wide range of services, including computing power, storage options, and networking capabilities. It provides solutions for various applications such as virtual computing, analytics, storage, and networking, catering to the diverse needs of businesses and developers. Securing your cloud instance is an essential consideration for companies that use cloud services offered by cloud providers such as Microsoft Azure.
 
-- Monitoring instances by installing the Wazuh agent on them. This will send events to the Wazuh manager for analysis in order to classify the events within a range of alerts that can be easily viewed.
-- Monitoring the Azure Portal and its services, including platform logs from Azure services, logs, performance data from virtual machines, and usage and performance data from the applications.
-- Monitoring the Microsoft Entra ID (ME-ID) activity to discover how the Microsoft Entra ID services are accessed and used.
+Wazuh, an open source security monitoring platform, offers solutions for collecting and analyzing data generated by security and runtime events within Microsoft Azure environments. Integrating Wazuh with Microsoft Azure enhances the security posture of Azure deployments and ensures compliance with regulatory standards and operational integrity.
 
-.. topic:: Contents
+This section provides instructions for monitoring Microsoft Azure infrastructures, including:
 
-   .. toctree::
-      :maxdepth: 2
+-  Monitoring instances.
+-  Monitoring Azure platform and services using the Wazuh Azure Log Analytics, Azure Storage, or Graph services.
+-  Monitoring Microsoft Graph services with Wazuh.
 
-      monitoring-instances
-      activity-services/index
-      posture-management
+.. toctree::
+   :maxdepth: 2
+
+   monitoring-instances
+   platform-and-services
+   log-analytics
+   storage
+   graph
+   monitoring-ms-graph
diff --git a/source/cloud-security/azure/log-analytics.rst b/source/cloud-security/azure/log-analytics.rst
new file mode 100644
index 0000000000..5684541a37
--- /dev/null
+++ b/source/cloud-security/azure/log-analytics.rst
@@ -0,0 +1,241 @@
+.. Copyright (C) 2015, Wazuh, Inc.
+
+.. meta::
+   :description: This section shows how to set up a qualified application or client to use the Azure Log Analytics REST API and gives a use case.
+
+Microsoft Azure Log Analytics
+=============================
+
+`Microsoft Azure Log Analytics <https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-overview>`__ is a service that monitors your Microsoft Azure infrastructure, offering query capabilities that allow you to perform advanced searches specific to your data.
+
+The Azure Log Analytics solution helps you to analyze and search Azure activity logs in all your Azure subscriptions, providing information about the operations performed with the resources of your subscriptions.
+
+.. thumbnail:: /images/cloud-security/azure/log-analytics-activity-send.png
+   :align: center
+   :width: 80%
+
+You can query data collected by Log Analytics using the Azure Log Analytics REST API, which uses the Microsoft Entra ID authentication scheme. You need a qualified application or client to use the Azure Log Analytics REST API. You must configure this manually on the Microsoft Azure portal. The section below shows how to set up the application and gives a use case:
+
+-  `Setting up the application`_
+-  :ref:`Azure Log Analytics use case <azure_log_analtytics_use_case>`
+
+Configuration
+-------------
+
+Azure
+^^^^^
+
+Setting up the application
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The process below details creating an application using the Azure Log Analytics REST API. It is also possible to configure an existing application. Please skip the `Creating the application`_ step if you already have an existing application.
+
+Creating the application
+........................
+
+We navigate to the Microsoft Entra ID panel on the Microsoft Azure portal to create a new application for Azure Log Analytics.
+
+#. Select the **App registrations** option from the **Microsoft Entra ID** panel. Then, select **New registration**.
+
+   .. thumbnail:: /images/cloud-security/azure/new-app-registration.png
+      :align: center
+      :width: 80%
+
+#. Define the user-facing display name for the application and select **Register**.
+
+   .. thumbnail:: /images/cloud-security/azure/register-an-application.png
+      :align: center
+      :width: 80%
+
+Granting permissions to the application
+.......................................
+
+#. Select **All applications** from **App registration** and refresh it. The new application will appear. In our case, the display name is **LogAnalyticsApp**.
+
+   .. thumbnail:: /images/cloud-security/azure/application-display-name.png
+      :align: center
+      :width: 80%
+
+#. Go to the **Overview** section and save the **Application (client) ID** for later authentication.
+
+   .. thumbnail:: /images/cloud-security/azure/save-application-ID.png
+      :align: center
+      :width: 80%
+
+#. Go to the **API permissions** section and add the **Data.Read** permission to the application.
+
+   .. thumbnail:: /images/cloud-security/azure/add-api-permission.png
+      :align: center
+      :width: 80%
+
+#. Search for the **Log Analytics API**.
+
+   .. thumbnail:: /images/cloud-security/azure/search-log-analytics-api.png
+      :align: center
+      :width: 80%
+
+#. Select the **Read Log Analytics** data permission from Applications permissions.
+
+   .. thumbnail:: /images/cloud-security/azure/select-read-log-analytics.png
+      :align: center
+      :width: 80%
+
+#. Use an admin user to **Grant admin consent** for the tenant.
+
+   .. thumbnail:: /images/cloud-security/azure/grant-admin-consent.png
+      :align: center
+      :width: 80%
+
+Granting the application access to the Azure Log Analytics API
+..............................................................
+
+#. Access **Log Analytics workspaces** and create a new workspace or choose an existing one.
+
+   .. thumbnail:: /images/cloud-security/azure/create-log-analytics-workspace.png
+      :align: center
+      :width: 80%
+
+#. Copy the ``Workspace ID`` value from the **Overview** section.
+
+   .. thumbnail:: /images/cloud-security/azure/copy-workspace-ID.png
+      :align: center
+      :width: 80%
+
+#. Go to the **Access control (IAM)** section, click **Add** and select **Add role assignment** to add the required role to the application.
+
+   .. thumbnail:: /images/cloud-security/azure/add-role-assignment.png
+      :align: center
+      :width: 80%
+
+#. Select the **Log Analytics Reader** role from the **Job functions role** tab.
+
+   .. thumbnail:: /images/cloud-security/azure/select-reader-role.png
+      :align: center
+      :width: 80%
+
+#. Select **User, group, or service principal** from the **Members** tab. Click **Select members** and find the App registration created previously.
+
+   .. thumbnail:: /images/cloud-security/azure/select-members.png
+      :align: center
+      :width: 80%
+
+#. Click **Review + assign** to finish.
+
+Sending logs to the Workspace
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You need to create a diagnostic setting to collect logs and send them to the Azure Log Analytics Workspace created in the previous steps.
+
+#. Return to **Microsoft Entra ID**, scroll down on the left menu bar, and select the **Diagnostic settings** section.
+
+#. Click on **Add diagnostic setting**.
+
+   .. thumbnail:: /images/cloud-security/azure/add-diagnostic-setting.png
+      :align: center
+      :width: 80%
+
+#. Choose the log categories you want to collect from under **Categories**. Check the **Send to Log Analytics workspace** option under **Destination details**. Select the **Log Analytics Workspace** you created in the previous steps.
+
+   .. thumbnail:: /images/cloud-security/azure/choose-categories.png
+      :align: center
+      :width: 80%
+
+#. Click on **Save**.
+
+Azure Log Analytics will stream the selected categories to your workspace.
+
+Wazuh requires valid credentials to pull logs from Azure Log Analytics. Look at the :ref:`credentials <configure_azure_credentials>` section to learn how to generate a client secret to access the App registration.
+
+Wazuh server or agent
+^^^^^^^^^^^^^^^^^^^^^
+
+You need to authorize the Wazuh module for Azure to access your Azure Log Analytics. For more information about setting up authorization, see the :ref:`configure_azure_credentials` section.
+
+#. Apply the following configuration to the local configuration file ``/var/ossec/etc/ossec.conf`` of the Wazuh server or agent. This will depend on where you configured the Wazuh module for Azure:
+
+   .. code-block:: xml
+
+      <wodle name="azure-logs">
+          <disabled>no</disabled>
+          <run_on_start>no</run_on_start>
+
+          <log_analytics>
+              <auth_path>/var/ossec/wodles/credentials/log_analytics_credentials</auth_path>
+              <tenantdomain>wazuh.com</tenantdomain>
+
+              <request>
+                  <tag>azure-auditlogs</tag>
+                  <query>AuditLogs</query>
+                  <workspace>d6b...efa</workspace>
+                  <time_offset>1d</time_offset>
+              </request>
+
+          </log_analytics>
+      </wodle>
+
+   Where:
+
+   -  ``<auth_path>`` is the full path of where the workspace secret key is stored.
+   -  ``<tenantdomain>`` is the tenant domain name. You can obtain this from the Overview section in Microsoft Entra ID.
+   -  ``<workspace>`` is the workspace ID that you need for authentication.
+   -  ``<time_offset>`` is the timeframe dated backwards. In this case, all logs within a 24-hour timeframe will be downloaded.
+
+#. Restart your Wazuh server or agent, depending on where you configured the Wazuh module for Azure.
+
+   Wazuh agent:
+
+   .. code-block:: console
+
+      # systemctl restart wazuh-agent
+
+   Wazuh server:
+
+   .. code-block:: console
+
+      # systemctl restart wazuh-manager
+
+The configuration above allows Wazuh to search through any query using the ``tag`` value as the identifier.
+
+Check the reference for more information about the :doc:`Wazuh module for Azure </user-manual/reference/ossec-conf/wodle-azure-logs>`.
+
+.. _azure_log_analtytics_use_case:
+
+Use case
+^^^^^^^^
+
+Here is an example of monitoring the infrastructure activity using the previously created Azure application.
+
+.. _log_analytics_use_case_creating_user:
+
+Creating a user
+~~~~~~~~~~~~~~~
+
+Follow the steps outlined below to create a user on Microsoft Entra ID:
+
+#. Navigate to **Entra ID** and select **All users**.
+#. Click on **New User**.
+
+   .. thumbnail:: /images/cloud-security/azure/click-new-user.png
+      :align: center
+      :width: 80%
+
+#. Choose the option to **Create a new user**.
+
+   .. thumbnail:: /images/cloud-security/azure/create-new-user.png
+      :align: center
+      :width: 80%
+
+#. Provide the necessary details for the user you want to create, and then choose the **Create** option to complete the creation.
+
+   .. thumbnail:: /images/cloud-security/azure/create-new-user2.png
+      :align: center
+      :width: 80%
+
+Visualizing the events on the Wazuh dashboard
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Once set up, you can check the results in the Wazuh dashboard.
+
+.. thumbnail:: /images/cloud-security/azure/results-in-wazuh-dashboard.png
+   :align: center
+   :width: 80%
diff --git a/source/cloud-security/azure/monitoring-instances.rst b/source/cloud-security/azure/monitoring-instances.rst
index cb705c98f5..516f08cef4 100644
--- a/source/cloud-security/azure/monitoring-instances.rst
+++ b/source/cloud-security/azure/monitoring-instances.rst
@@ -1,23 +1,13 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
 .. meta::
-  :description: Discover the numerous ways that Wazuh provides to monitor your Microsoft Azure instances in this section of the Wazuh documentation.
-
-.. _azure_monitoring_instances:
-
+   :description: Installing the Wazuh agent on the virtual machines in your Microsoft Azure environment enables early detection of potential threats and operational issues in dynamic cloud environments.
 
 Monitoring instances
 ====================
 
-In order to know what happens on the virtual machines of our infrastructure, we will carry out the installation of the Wazuh agent in those we want to monitor.
-
-The Wazuh agent runs on the hosts that you want to monitor (Windows, Linux, Solaris, BSD, and macOS operating systems). It is used to collect different types of system and application data that forwards to the Wazuh server through an encrypted and authenticated channel. In order to establish this secure channel, a registration process involving unique pre-shared keys is utilized.
-
-The Wazuh agent is multiplatform and provides the following capabilities:
+The Wazuh agent is cross-platform compatible, meaning it can run on various operating systems, including Windows, Linux, Solaris, BSD, and macOS. It collects data on different systems and applications and ensures the instance benefits from other Wazuh capabilities, such as File Integrity Monitoring (FIM) and Security Configuration Assessment (SCA). This data is sent to the Wazuh server through an encrypted and authenticated channel. A unique pre-shared key registration process establishes this secure channel.
 
-- Log data collection
-- File integrity monitoring
-- Rootkit and malware detection
-- Security policy monitoring
+You can install the Wazuh agent on the virtual machines in your Microsoft Azure environment. Monitoring cloud virtual machines using the Wazuh agent is beneficial because it ensures comprehensive security and performance oversight, enabling early detection of potential threats and operational issues in dynamic cloud environments.
 
-.. note:: You can find instructions to install the Wazuh agent on different Operating Systems in :doc:`this section </installation-guide/wazuh-agent/index>`.
+Check the :doc:`Wazuh agent installation </installation-guide/wazuh-agent/index>` and :doc:`enrollment </user-manual/agent/agent-enrollment/index>` documentation to learn more about the Wazuh agents. Additionally, read about Wazuh SIEM and XDR capabilities and their configuration in our :doc:`capabilities </user-manual/capabilities/index>` documentation.
diff --git a/source/cloud-security/azure/monitoring-ms-graph.rst b/source/cloud-security/azure/monitoring-ms-graph.rst
new file mode 100644
index 0000000000..a1ffa10c66
--- /dev/null
+++ b/source/cloud-security/azure/monitoring-ms-graph.rst
@@ -0,0 +1,47 @@
+.. Copyright (C) 2015, Wazuh, Inc.
+
+.. meta::
+   :description: This section provides instructions for monitoring your organization's Microsoft Graph API resources and relationships using the Wazuh module for Microsoft Graph.
+
+Monitoring Microsoft Graph services with Wazuh
+==============================================
+
+The Microsoft Graph API is a comprehensive API system that provides access to data across the full suite of Microsoft cloud services, including but not limited to Microsoft 365, Azure, Dynamics 365, and various other Microsoft cloud components. It is an endpoint for accessing structured data, insights, and rich relationships from the Microsoft Cloud ecosystem.
+
+This section provides instructions for monitoring your organization's Microsoft Graph API resources and relationships using the Wazuh module for Microsoft Graph.
+
+Currently, the Wazuh module for Microsoft Graph allows you to monitor the following with Wazuh:
+
+-  Microsoft Entra ID Protection
+-  Microsoft 365 Defender
+-  Microsoft Defender for Cloud Apps
+-  Microsoft Defender for Endpoint
+-  Microsoft Defender for Identity
+-  Microsoft Defender for Office 365
+-  Microsoft Purview eDiscovery
+-  Microsoft Purview Data Loss Prevention (DLP)
+
+While these are fundamental to the security resource, you can monitor many additional resources using the Microsoft Graph API. See the `Overview of Microsoft Graph <https://learn.microsoft.com/en-us/graph/overview?view=graph-rest-1.0>`__ documentation to learn more.
+
+.. note::
+
+   The security resource can be considered mature, as it has been tested with pre-made rules. However, your organization can ingest logs from other resources to your Wazuh deployment.
+
+.. _retrieving_content:
+
+**Retrieving content**
+
+To retrieve a set of logs from Microsoft Graph, make a ``GET`` request using the URL below:
+
+.. code-block:: none
+
+   GET https://graph.microsoft.com/{version}/{resource}/{relationship}?{query-parameters}
+
+A description of the current production version of the Microsoft Graph API can be found in the `Overview of Microsoft Graph <https://learn.microsoft.com/en-us/graph/overview?view=graph-rest-1.0>`__.
+
+Alternatively, the API can be directly experimented with through `Microsoft Graph Explorer <https://developer.microsoft.com/graph/graph-explorer>`__.
+
+.. toctree::
+   :maxdepth: 2
+
+   ms-graph-api-setup
diff --git a/source/cloud-security/azure/ms-graph-api-setup.rst b/source/cloud-security/azure/ms-graph-api-setup.rst
new file mode 100644
index 0000000000..d7d07ca3c5
--- /dev/null
+++ b/source/cloud-security/azure/ms-graph-api-setup.rst
@@ -0,0 +1,264 @@
+.. Copyright (C) 2015, Wazuh, Inc.
+
+.. meta::
+   :description: Wazuh must be authorized before it can pull logs and other content from the Microsoft Graph API.
+
+Microsoft Graph API setup
+=========================
+
+Wazuh must be authorized before it can pull logs and other content from the Microsoft Graph API. This authentication process is possible using the ``tenant_id``, ``client_id``, and ``secret_value`` of an authorized application, which we will register through Azure.
+
+Registering your app
+--------------------
+
+#. Register an application to authenticate with the Microsoft identity platform endpoint.
+
+   .. thumbnail:: /images/cloud-security/azure/new-app-registration.png
+      :align: center
+      :width: 80%
+
+#. Fill in the name of your app, choose the desired **account type**, and click on the **Register** button:
+
+   .. thumbnail:: /images/cloud-security/ms-graph/register-application.png
+      :align: center
+      :width: 80%
+
+The app is now registered; you can see information about it in its **Overview** section. Make sure to note down the ``client_id`` and ``tenant_id`` information:
+
+.. thumbnail:: /images/cloud-security/ms-graph/note-down-information.png
+   :align: center
+   :width: 80%
+
+Certificates & secrets
+----------------------
+
+#. Generate a secret you will use for the authentication process. Go to **Certificates & secrets** and click on **New client secret**, which will then generate the secret and its ID:
+
+   .. thumbnail:: /images/cloud-security/ms-graph/add-new-client-secret.png
+      :align: center
+      :width: 80%
+
+#. Ensure to copy and save the ``secret_value`` information:
+
+   .. thumbnail:: /images/cloud-security/ms-graph/save-secret.png
+      :align: center
+      :width: 80%
+
+   .. note::
+
+      Ensure you write down the secret's value section because the UI won't let you copy it afterward.
+
+API permissions
+---------------
+
+Your application needs specific API permissions to retrieve logs and events from the Microsoft Graph API.
+
+To configure the application permissions, go to the **API permissions** page and choose **Add a permission**.
+
+#. Select **Microsoft Graph API** and click on **Application permissions**.
+#. Add the following relationships' permissions under the **SecurityAlert** and **SecurityIncident** sections:
+
+   -  ``SecurityAlert.Read.All``: This permission is required to read security alerts from the ``/security/alerts_v2`` API on your tenant.
+   -  ``SecurityIncident.Read.All``: This permission is required to read security incident data, including associated events/alerts from the ``/security/incidents`` API on your tenant.
+
+   .. thumbnail:: /images/cloud-security/ms-graph/add-api-permissions.png
+      :align: center
+      :width: 80%
+
+   .. note::
+
+      Admin consent is required for API permission changes.
+
+Wazuh server or agent
+---------------------
+
+Next, we will see the necessary configuration to allow the integration to successfully pull logs from the Microsoft Graph API.
+
+#. Apply the following configuration to the local configuration file ``/var/ossec/etc/ossec.conf``:
+
+   .. code-block:: xml
+
+      <ms-graph>
+          <enabled>yes</enabled>
+          <only_future_events>yes</only_future_events>
+          <curl_max_size>10M</curl_max_size>
+          <run_on_start>yes</run_on_start>
+          <interval>5m</interval>
+          <version>v1.0</version>
+          <api_auth>
+            <client_id>your_client_id</client_id>
+            <tenant_id>your_tenant_id</tenant_id>
+            <secret_value>your_secret_value</secret_value>
+            <api_type>global</api_type>
+          </api_auth>
+          <resource>
+            <name>security</name>
+            <relationship>alerts_v2</relationship>
+            <relationship>incidents</relationship>
+          </resource>
+      </ms-graph>
+
+   In this case, we will search for ``alerts_v2`` and incidents within the security resource at an interval of ``5m``. The logs will only be created after the Wazuh module for Microsoft Graph starts.
+
+   Where:
+
+   -  ``<client_id>`` (also known as an Application ID) is the unique identifier of your registered application.
+   -  ``<tenant_id>`` (also known as Directory ID) is the unique identifier for your Azure tenant
+   -  ``<secret_value>`` is the value of the client secret. It is used to authenticate the registered app on the Azure tenant.
+   -  ``<api_type>`` specifies the type of Microsoft 365 subscription plan the tenant uses. global refers to either a commercial or GCC tenant.
+   -  ``<name>`` specifies the resource's name (i.e., specific API endpoint) to query for logs.
+   -  ``<relationship>`` specifies the types of content (relationships) to obtain logs for.
+
+   .. note::
+
+      Multi-tenant is not supported. You can only configure one block of ``api_auth``. To learn more about the Wazuh module for Microsoft Graph options, see the :doc:`ms-graph </user-manual/reference/ossec-conf/ms-graph-module>` reference.
+
+Use case
+--------
+
+Using the configuration mentioned above, we examine a malicious email as an example of a security event.
+
+Monitoring security resources
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+One of the more ubiquitous alerts that an organization of any size receives is spam emails. In this case, we can specifically examine an example of a spam email containing malicious content and examine how Microsoft Graph & Wazuh report on this information.
+
+We can set up the Wazuh module for Microsoft Graph to monitor the security resource and the ``alerts_v2`` relationship within our Microsoft 365 tenant described in :ref:`Retrieving content <retrieving_content>`. We also enable **Microsoft Defender for Office 365** within the Microsoft 365 tenant. Microsoft Defender for Office 365 monitors email messages for threats such as spam and malicious attachments.
+
+Detect malicious email
+^^^^^^^^^^^^^^^^^^^^^^
+
+Enable Microsoft Defender for Office 365 and send a malicious email to an email address in the monitored domain. A malicious email detection activity will produce a log that can be accessed using the ``alerts_v2`` relationship within the Microsoft 365 tenant.
+
+#. Login to `Microsoft 365 Defender portal <https://security.microsoft.com/>`__ using an admin account.
+#. Navigate to **Policies & rules** > **Threat policies** > **Preset Security Policies**.
+#. Toggle the **Standard protection is off** button under **Standard protection**.
+#. Click on **Manage protection settings** and follow the prompt to set up the policies.
+
+When Microsoft Defender for Office 365 detects a malicious email event, a log similar to the following is generated. You can view this event using the **Alerts** tab of the Microsoft Defender for Office 365 page:
+
+   .. code-block:: none
+      :class: output
+
+      {
+          "id":"xxxx-xxxx-xxxx-xxxx-xxxx",
+          "providerAlertId":"xxxx-xxxx-xxxx-xxxx-xxxx",
+          "incidentId":"xx",
+          "status":"resolved",
+          "severity":"informational",
+          "classification":"truePositive",
+          "determination":null,
+          "serviceSource":"microsoftDefenderForOffice365",
+          "detectionSource":"microsoftDefenderForOffice365",
+          "detectorId":"xxxx-xxxx-xxxx-xxxx-xxxx",
+          "tenantId":"xxxx-xxxx-xxxx-xxxx-xxxx",
+          "title":"Email messages containing malicious file removed after delivery.",
+          "description":"Emails with malicious file that were delivered and later removed -V1.0.0.3",
+          "recommendedActions":"",
+          "category":"InitialAccess",
+          "assignedTo":"Automation",
+          "alertWebUrl":"https://security.microsoft.com/alerts/xxxx-xxxx-xxxx-xxxx-xxxx?tid=xxxx-xxxx-xxxx-xxxx-xxxx",
+          "incidentWebUrl":"https://security.microsoft.com/incidents/xx?tid=xxxx-xxxx-xxxx-xxxx-xxxx",
+          "actorDisplayName":null,
+          "threatDisplayName":null,
+          "threatFamilyName":null,
+          "mitreTechniques":[
+              "T1566.001"
+          ],
+          "createdDateTime":"2022-11-13T23:48:21.9847068Z",
+          "lastUpdateDateTime":"2022-11-14T00:08:37.5366667Z",
+          "resolvedDateTime":"2022-11-14T00:07:25.7033333Z",
+          "firstActivityDateTime":"2022-11-13T23:45:41.0593397Z",
+          "lastActivityDateTime":"2022-11-13T23:47:41.0593397Z",
+          "comments":[
+
+          ],
+          "evidence":[
+              {
+                  "_comment":"Snipped"
+              }
+          ]
+      }
+
+
+The Wazuh module for Microsoft Graph retrieves this log via Microsoft Graph API. This log matches an out-of-the-box rule with ID ``99506``. This triggers an alert with the following details:
+
+   .. code-block:: none
+      :class: output
+
+      {
+          "timestamp":"2024-08-29T14:53:15.301+0000",
+          "rule":{
+              "id":"99506",
+
+
+                 "level":6,
+
+
+                 "description":"MS Graph message: The alert is true positive and detected malicious activity.",
+                  "groups":["ms-graph"],
+                  "firedtimes":1,
+                  "mail":"false"
+          },
+          "agent":{
+              "id":"001",
+              "name":"ubuntu-bionic"
+          },
+          "manager":{
+              "name":"ubuntu-bionic"
+          },
+          "id":"1623276774.47272",
+          "decoder":{
+              "name":"json"
+          },
+          "data":{
+              "integration":"ms-graph",
+              "ms-graph":{
+                  "id":"xxxx-xxxx-xxxx-xxxx-xxxx",
+                  "providerAlertId":"xxxx-xxxx-xxxx-xxxx-xxxx",
+                  "incidentId":"91",
+                  "status":"resolved",
+                  "severity":"informational",
+                  "classification":"truePositive",
+                  "determination":null,
+                  "serviceSource":"microsoftDefenderForOffice365",
+                  "detectionSource":"microsoftDefenderForOffice365",
+                  "detectorId":"xxxx-xxxx-xxxx-xxxx-xxxx",
+                  "tenantId":"xxxx-xxxx-xxxx-xxxx-xxxx",
+                  "title":"Email messages containing malicious file removed after delivery.",
+                  "description":"Emails with malicious file that were delivered and later removed -V1.0.0.3",
+                  "recommendedActions":"",
+                  "category":"InitialAccess",
+                  "assignedTo":"Automation",
+                  "alertWebUrl":"https://security.microsoft.com/alerts/xxxx-xxxx-xxxx-xxxx-xxxx?tid=xxxx-xxxx-xxxx-xxxx-xxxx",
+                  "incidentWebUrl":"https://security.microsoft.com/incidents/91?tid=xxxx-xxxx-xxxx-xxxx-xxxx",
+                  "actorDisplayName":null,
+                  "threatDisplayName":null,
+                  "threatFamilyName":null,
+                  "resource":"security",
+                  "relationship":"alerts_v2",
+                  "mitreTechniques":[
+                      "T1566.001"
+                  ],
+                  "createdDateTime":"2022-11-13T23:48:21.9847068Z",
+                  "lastUpdateDateTime":"2022-11-14T00:08:37.5366667Z",
+                  "resolvedDateTime":"2022-11-14T00:07:25.7033333Z",
+                  "firstActivityDateTime":"2022-11-13T23:45:41.0593397Z",
+                  "lastActivityDateTime":"2022-11-13T23:47:41.0593397Z",
+                  "comments":[
+
+                  ],
+                  "evidence":[
+                      {
+                          "_comment":"Snipped"
+                      }
+                  ]
+              }
+          }
+      }
+
+The alert is seen on the Wazuh dashboard.
+
+.. thumbnail:: /images/cloud-security/ms-graph/alert-on-wazuh-dashboard.png
+   :align: center
+   :width: 80%
diff --git a/source/cloud-security/azure/platform-and-services.rst b/source/cloud-security/azure/platform-and-services.rst
new file mode 100644
index 0000000000..b69e95c541
--- /dev/null
+++ b/source/cloud-security/azure/platform-and-services.rst
@@ -0,0 +1,218 @@
+.. Copyright (C) 2015, Wazuh, Inc.
+
+.. meta::
+   :description: The Wazuh module for Azure enables centralized logging, threat detection, and compliance management of your Microsoft Azure environments from your Wazuh deployment.
+
+Monitoring Azure platform and services
+======================================
+
+The `Azure Monitor Logs <https://docs.microsoft.com/en-us/azure/azure-monitor/logs/data-platform-logs>`__ collects and organizes logs and performance data from monitored resources, including Azure services, virtual machines, and applications. This insight is sent to Wazuh using the Azure Log Analytics REST API or by directly accessing the contents of a Microsoft Azure Storage account. The Wazuh module for Azure enables centralized logging, threat detection, and compliance management of your Microsoft Azure environments from your Wazuh deployment.
+
+The Wazuh module for Azure requires dependencies and credentials to access your Microsoft Azure logs. These dependencies are available by default on the Wazuh manager, but you must install them when you use a Wazuh agent for the integration. Take a look at the `Prerequisites`_ section before proceeding.
+
+Prerequisites
+-------------
+
+Installing dependencies
+^^^^^^^^^^^^^^^^^^^^^^^
+
+.. |service| replace:: Azure
+
+.. include:: /_templates/cloud/notes.rst
+
+Python
+~~~~~~
+
+.. |py_cloud_cont_min| replace:: |PYTHON_CLOUD_CONTAINERS_MIN|
+.. |py_cloud_cont_max| replace:: |PYTHON_CLOUD_CONTAINERS_MAX|
+
+.. include:: /_templates/cloud/python_installation.rst
+
+.. |module_script| replace:: ``/var/ossec/wodles/azure/azure-logs``
+
+.. include:: /_templates/cloud/pip_installation.rst
+
+Azure Storage client library for Python
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You need the libraries in the command below to set up your Wazuh agent endpoint and monitor your Microsoft Azure platform and services.
+
+.. tabs::
+
+   .. group-tab:: Python 3.8–3.10
+
+      .. code-block:: console
+
+         # pip3 install azure-storage-blob==12.20.0 azure-storage-common==2.1.0 azure-common==1.1.25 cryptography==3.3.2 cffi==1.14.4 pycparser==2.20 six==1.14.0 python-dateutil==2.8.1 requests==2.25.1 certifi==2022.12.07 chardet==3.0.4 idna==2.9 urllib3==1.26.18 SQLAlchemy==2.0.23 pytz==2020.1
+
+   .. group-tab:: Python 3.11–3.12
+
+      .. code-block:: console
+
+         # pip3 install --break-system-packages azure-storage-blob==12.20.0 azure-storage-common==2.1.0 azure-common==1.1.25 cryptography==3.3.2 cffi==1.14.4 pycparser==2.20 six==1.14.0 python-dateutil==2.8.1 requests==2.25.1 certifi==2022.12.07 chardet==3.0.4 idna==2.9 urllib3==1.26.18 SQLAlchemy==2.0.23 pytz==2020.1
+
+      .. note::
+
+         If you use a virtual environment, remove the ``--break-system-packages`` parameter from the above command.
+
+.. _configure_azure_credentials:
+
+Configuring Azure credentials
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The :doc:`Wazuh module for Azure </user-manual/reference/ossec-conf/wodle-azure-logs>` must have access credentials to connect to Azure successfully. The credentials required vary depending on the type of monitoring. These include:
+
+-  Access credentials for Microsoft Graph and Azure Log Analytics
+-  Access credentials for Microsoft Azure Storage
+
+The following sections provide an overview of how you can create these credentials.
+
+.. _graph_and_log_analytics_credentials:
+
+Getting access credentials for Microsoft Graph and Azure Log Analytics
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You need valid application_id and application_key values to authenticate connection from the Wazuh module for Azure.
+
+Follow the steps below to obtain an ``application_id`` and ``application_key``:
+
+#. Go to Microsoft Entra ID and navigate to the registered application.
+
+   .. thumbnail:: /images/cloud-security/azure/navigate-to-registered-application.png
+      :align: center
+      :width: 80%
+
+#. Go to the **Certificates & secrets** section of the chosen application, then generate a secret key by selecting **New client secret**.
+
+   .. thumbnail:: /images/cloud-security/azure/new-client-secret.png
+      :align: center
+      :width: 80%
+
+#. Give the key a descriptive name and specify the duration for which the key should remain active, then select **Add**.
+
+   .. thumbnail:: /images/cloud-security/azure/add-client-secret.png
+      :align: center
+      :width: 80%
+
+#. Copy the ``Value`` and the ``Secret ID``. Ensure you securely store these values, as you can only view them once. The ``Value`` is the ``application_key``.
+
+   .. thumbnail:: /images/cloud-security/azure/copy-client-secret.png
+      :align: center
+      :width: 80%
+
+#. Copy the ``application_id`` value for your registered application from the **Overview** section.
+
+   .. thumbnail:: /images/cloud-security/azure/copy-client-secret2.png
+      :align: center
+      :width: 80%
+
+.. _getting_access_credentials:
+
+Getting access credentials for Microsoft Azure Storage
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The Microsoft Azure Storage requires valid ``account_name`` and ``account_key`` values. You can obtain them in the **Access keys** section of **Storage accounts** on your Azure environment. Follow the Microsoft guide to `create a storage account <https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal>`__.
+
+The section below shows the steps to retrieving the Microsoft Azure Storage account key.
+
+#. Go to the **Storage accounts** section of your Microsoft Azure environment and select the account of interest.
+
+   .. thumbnail:: /images/cloud-security/azure/select-storage-account.png
+      :align: center
+      :width: 80%
+
+#. Navigate to **Access keys** located on the left pane to access the ``account_name`` and ``account_key`` values.
+
+   .. thumbnail:: /images/cloud-security/azure/navigate-to-access-keys.png
+      :align: center
+      :width: 80%
+
+.. _wazuh_azure_authentication_file:
+
+Wazuh Azure authentication file
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To authenticate your Microsoft Azure environment to Wazuh, you must store your credentials in a file using the format ``field = value``.
+
+The fields expected to be present in the credentials file depend on the type of service or activity you are monitoring.
+
+Microsoft Azure Log Analytics and Graph
+.......................................
+
+The file must contain only two lines, one for the ``application_id`` and another for the ``application_key`` obtained previously:
+
+.. code-block:: ini
+
+   application_id = <YOUR_APPLICATION_ID>
+   application_key = <YOUR_APPLICATION_KEY>
+
+Microsoft Azure Storage
+.......................
+
+The file must contain only two lines, one for the ``account_name`` and the other one for the ``account_key`` obtained previously:
+
+.. code-block:: ini
+
+   account_name = <YOUR_ACCOUNT_NAME>
+   account_key = <YOUR_ACCOUNT_KEY>
+
+Specify the authentication file in the ``/var/ossec/etc/ossec.conf`` configuration file using the ``<auth_path>`` tag, regardless of the service or activity you monitor. Take a look at the following example:
+
+.. code-block:: xml
+   :emphasize-lines: 6, 16, 25
+
+   <wodle name="azure-logs">
+     <disabled>no</disabled>
+     <run_on_start>yes</run_on_start>
+
+     <log_analytics>
+        <auth_path>/var/ossec/wodles/credentials/log_analytics_credentials</auth_path>
+         <tenantdomain>wazuh.com</tenantdomain>
+         <request>
+             <query>AzureActivity</query>
+             <workspace>12345678-90ab-cdef-1234-567890abcdef</workspace>
+             <time_offset>1d</time_offset>
+         </request>
+     </log_analytics>
+
+     <graph>
+        <auth_path>/var/ossec/wodles/credentials/graph_credentials</auth_path>
+         <tenantdomain>wazuh.com</tenantdomain>
+         <request>
+             <query>auditLogs/directoryAudits</query>
+             <time_offset>1d</time_offset>
+         </request>
+     </graph>
+
+   <storage>
+        <auth_path>/var/ossec/wodles/credentials/storage_credentials</auth_path>
+         <container name="insights-activity-logs">
+             <blobs>.json</blobs>
+             <content_type>json_inline</content_type>
+             <time_offset>24h</time_offset>
+         </container>
+     </storage>
+   </wodle>
+
+For more information on ``<auth_path>``, look at the :doc:`Wazuh module for Azure </user-manual/reference/ossec-conf/wodle-azure-logs>` reference page.
+
+Adding more than one ``request`` block simultaneously in the same configuration is possible. The Wazuh module for Azure would process each request sequentially. The above configuration is an example. It includes Microsoft Azure Log Analytics, Graph, and Storage configuration blocks.
+
+Reparse
+~~~~~~~
+
+.. warning::
+
+   The ``reparse`` option will fetch and process all the logs from the starting date until the present. This process may generate duplicate alerts.
+
+To fetch and process older Azure logs, you must run the Wazuh module for Azure using the ``--reparse`` option.
+
+The ``la_time_offset`` value sets the time as an offset for the starting point. If you don't provide a ``la_time_offset`` value, the Wazuh module for Azure returns to the date it processed the first file.
+
+The following code block shows an example of running the Wazuh module for Azure on a Wazuh manager using the ``--reparse`` option:
+
+.. code-block:: console
+
+   # /var/ossec/wodles/azure/azure-logs --log_analytics --la_auth_path credentials_example --la_tenant_domain 'wazuh.example.domain' --la_tag azure-activity --la_query "AzureActivity" --workspace example-workspace --la_time_offset 50d --debug 2 --reparse
+
+The ``--debug 2`` parameter gets a verbose output. This output is helpful to show that the script works, especially when handling a large amount of data.
\ No newline at end of file
diff --git a/source/cloud-security/azure/posture-management.rst b/source/cloud-security/azure/posture-management.rst
deleted file mode 100644
index f55dbc0e27..0000000000
--- a/source/cloud-security/azure/posture-management.rst
+++ /dev/null
@@ -1,371 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-   :description: Use Wazuh to monitor Microsoft Azure security posture.
-
-Cloud Security Posture Management
-=================================
-
-Cloud Security Posture Management (CSPM) is essential to ensuring the security and compliance of cloud environments. In cloud computing, the potential for security misconfigurations is significantly high due to mismanagement of permissions, gaps in network configurations, and various other vulnerabilities.
-
-Cloud Security Posture Management addresses these challenges by continuously monitoring and assessing cloud workloads to identify vulnerabilities and potential security risks. It also provides remediation steps to rectify the potential security risks identified in the cloud environment.
-
-Wazuh is a free, open source, enterprise-grade security monitoring platform that provides comprehensive protection for cloud, on-premises, containerized, and virtualized environments. Microsoft Azure is a comprehensive cloud computing platform that offers a wide range of services to help businesses build, deploy, and manage their applications and infrastructure.
-
-This section demonstrates how to use Wazuh to monitor Microsoft Azure security posture.
-
-Integrating Wazuh with Microsoft Azure
---------------------------------------
-
-Wazuh integrates with Azure using the Log Analytics Workspace. The Azure Log Analytics workspace is a unique environment for storing log data from Azure Monitor and other Azure services, such as the Microsoft Defender for Cloud. Wazuh provides a native :doc:`integration module for Azure </cloud-security/azure/activity-services/services/log-analytics>` that retrieves logs from the Log Analytics Workspace.
-
-Below is a summary of the actions performed on Azure to integrate with Wazuh.
-
--  **Creating a service principal application**: This involves registering an application with a Microsoft Entra ID, which automatically creates a service principal for the application registration. The service principal is the application’s identity in the Microsoft Entra tenant and its access to resources is restricted by the roles assigned to it.
--  **Creating a Log Analytics workspace**: The workspace is where logs and data are stored, and it has a unique workspace ID and resource ID. The Wazuh :doc:`Azure module </user-manual/reference/ossec-conf/wodle-azure-logs>` is then configured to query the workspace for new data. 
--  **Enabling Microsoft Defender for Cloud**: Configure the Microsoft Defender for Cloud to scan all resources inside an Azure Subscription. Microsoft Defender for Cloud is configured to send security log data and recommendations to the created Log Analytics workspace.
-
-Microsoft Azure
----------------
-
-Creating a service principal application
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Create a Microsoft Entra ID application for Wazuh authentication to the Log Analytics Workspace. Microsoft Entra ID is the identity directory service from Microsoft.
-
-#. In the Search bar of the Azure portal, type ``Microsoft Entra ID``, then select the same service name. Select **App registrations** from the Default Directory on the sidebar menu.
-#. Select **+ New registration** from the command bar to create a new service principal application.
-#. On the opened form, enter a unique name for the application and click **Register**. Note the _`Application (client) ID` on the application overview page.
-
-   .. thumbnail:: /images/cloud-security/azure/register-an-application.gif
-      :title: Register an application
-      :alt: Register an application
-      :align: center
-      :width: 80%
-
-#. On the opened application overview page:
-
-   -  Select **Certificates & secrets** from the sidebar menu.
-   -  Click on the **Client secrets** tab.
-   -  Click **+ New client secret**. Enter a description for the _`secret`, select the expiry period, and click **Add**.
-   -  Copy and save the client secret value.
-
-   .. note::
-
-      You can only view client secret values immediately after creation. Be sure to save the secret before leaving the page.
-
-   .. thumbnail:: /images/cloud-security/azure/create-secret.gif
-      :title: Create secret
-      :alt: Create secret
-      :align: center
-      :width: 80%
-
-#. On the application overview page, select **API permissions**. Select **+ Add a permission**.
-
-#. On the **Request API permissions** page:
-
-   -  Click on the **APIs my organization uses** tab.
-   -  Search for ``Log Analytics`` and select **Log Analytics API** from the list. 
-   -  Click on **Application permissions**.
-   -  Select the **Read Log Analytics data** permission.
-   -  Click **Add permissions**.
-   -  On the **API permissions** page, Click on **Grant admin consent for Default Directory**.
-   -  Click **Yes**.
-
-   .. thumbnail:: /images/cloud-security/azure/request-api-permissions.gif
-      :title: Request API permissions
-      :alt: Request API permissions
-      :align: center
-      :width: 80%
-
-.. _create-log-analytics-workspace:
-
-Create a Log Analytics workspace
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Create a Log Analytics Workspace that enables Wazuh to retrieve log data from Azure. 
-
-#. In the search bar of the Azure portal, type ``Log Analytics workspaces``, then select the same service name. Select **+ Create** from the command bar to create a new workspace.
-#. On the opened dialog box, select **Create new** to create a _`resource group` for the Log Analytics. Enter a unique name for the **Resource group** and click **OK**.
-#. In the **Instance details** section, enter a unique name for the Log Analytics workspace.
-#. Select the **Review + Create** tab. Once the workspace validation has passed, select **Create**. Wait for the new workspace to be provisioned, this may take a few minutes.
-
-   .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace.gif
-      :title: Create Log analytics workspace
-      :alt: Create Log analytics workspace
-      :align: center
-      :width: 80%
-
-#. In the search bar of the Azure portal, type ``Log Analytics workspaces``, select the new workspace. Copy the **Workspace ID** from the **Essentials** section. The Workspace ID will be used as part of the configuration in Wazuh.
-
-   .. thumbnail:: /images/cloud-security/azure/log-analytics-workspace-id.png
-      :title: Log analytics workspace
-      :alt: Log analytics workspace
-      :align: center
-      :width: 80%
-
-#. Click on the **Access control (IAM)** on the sidebar menu of the Log Analytics workspace page. 
-
-   -  Click on **+ Add** on the command bar and select **Add role assignment**.
-   -  On the **Add role assignment** page, search for ``Log Analytics Reader``. Select it and click **Next**.
-   -  On the **Members** page, click on **+ Select members**.
-   -  Search for your service principal application name on the **Select members** box and click **Select**.
-   -  Click **Next** then **Review + assign**.
-
-   .. thumbnail:: /images/cloud-security/azure/add-role-assignment.gif
-      :title: Add role assignment
-      :alt: Add role assignment
-      :align: center
-      :width: 80%
-
-#. In the Search bar of the Azure portal, type ``Microsoft Entra ID``, then select the same service name.
-#. Copy the Azure tenant **Primary domain** _`name` from the **Basic Information** section. This will be used as part of the configuration in Wazuh.
-
-   .. thumbnail:: /images/cloud-security/azure/copy-primary-domain.png
-      :title: Copy primary domain
-      :alt: Copy primary domain
-      :align: center
-      :width: 80%
-
-Enable Microsoft Defender for Cloud
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Enable and configure Microsoft Defender for Cloud to report all security misconfigurations using its CSPM module.
-
-#. In the search bar of the Azure portal, type ``Microsoft Defender``, then select **Microsoft Defender for Cloud**.
-#. Select **Getting started** on the sidebar menu. On the **Getting started** page, under the **Upgrade** tab, select your subscription, and then click the **Upgrade** button at the bottom of the page.
-
-   .. thumbnail:: /images/cloud-security/azure/microsoft-defender-for-cloud-upgrade.png
-      :title: Microsoft defender for Cloud upgrade
-      :alt: Microsoft defender for Cloud upgrade
-      :align: center
-      :width: 80%
-
-#. In the left menu for Microsoft Defender for Cloud;
-
-   -  Navigate to the **Management** section, select **Environment settings**.
-   -  Expand **Azure** > **Tenant Root Group** to reveal your Azure subscription.
-   -  Select your Azure subscription.
-
-   On the **Settings** page, verify the **Status** of the entries is **On**, else, click **Enable all plans** and **Save**.
-
-   .. thumbnail:: /images/cloud-security/azure/enable-all-plans.png
-      :title: Enable all plans
-      :alt: Enable all plans
-      :align: center
-      :width: 80%
-
-#. Click **Continuous export** on the sidebar menu and click on the **Log Analytics workspace** tab to configure Defender to continuously send logs to the Log Analytics workspace. Select the **Security alerts** and **Regulatory compliance** checkboxes.
-
-   .. thumbnail:: /images/cloud-security/azure/continuous-export-setup.png
-      :title: Continuous export setup
-      :alt: Continuous export setup
-      :align: center
-      :width: 80%
-
-#. Scroll down to the **Export** sections and select the `resource group`_ created for the Log Analytics workspace. Select your tenant Azure subscription and the :ref:`target workspace <create-log-analytics-workspace>`. Click **Save**.
-
-   .. thumbnail:: /images/cloud-security/azure/continuous-export-setup2.png
-      :title: Continuous export setup
-      :alt: Continuous export setup
-      :align: center
-      :width: 80%
-
-#. In the left menu for Microsoft Defender for Cloud
-
-   -  Navigate to the **Management** section, select **Environment settings**.
-   -  Expand **Azure** > **Tenant Root Group** > your Azure subscription
-   -  Select your :ref:`Log Analytics workspace <create-log-analytics-workspace>` created above.
-   -  Verify the **Status** of the entries is **On**, else, click **Enable all plans** and **Save**.
-
-   .. thumbnail:: /images/cloud-security/azure/enable-all-plans.gif
-      :title: Enable all plans
-      :alt: Enable all plans
-      :align: center
-      :width: 80%
-
-Wazuh server
-------------
-
-Configure the Wazuh server to receive logs from Microsoft Azure by performing the following steps.
-
-.. note::
-   
-   Run the following commands as the root user.
-
-#. Create a ``credentials`` directory in the ``/var/ossec/wodles/`` directory:
-
-   .. code-block:: console
-
-      # mkdir /var/ossec/wodles/credentials
-
-#. Create a ``/var/ossec/wodles/credentials/log_analytics_credentials`` file:
-
-   .. code-block:: console
-
-      # touch /var/ossec/wodles/credentials/log_analytics_credentials
-
-#. Update the ``/var/ossec/wodles/credentials/log_analytics_credentials`` file as shown below:
-
-   .. code-block:: none
-
-      application_id = <SERVICE_PRINCIPAL_APPLICATION_ID>
-      application_key = <CLIENT_SECRET_VALUE>
-
-   Replace:
-
-   -  ``<SERVICE_PRINCIPAL_APPLICATION_ID>`` with the service principal `Application (client) ID`_.
-   -  ``<CLIENT_SECRET_VALUE>`` with the client `secret`_ value.
-
-#. Append the following content to the ``/var/ossec/etc/ossec.conf`` configuration file. The configuration specifies how Wazuh connects to Azure:
-
-   .. code-block:: xml
-
-      <ossec_config>
-        <wodle name="azure-logs">
-          <disabled>no</disabled>
-          <run_on_start>yes</run_on_start>
-          <interval>5m</interval>
-
-          <log_analytics>
-              <auth_path>/var/ossec/wodles/credentials/log_analytics_credentials</auth_path>
-              <tenantdomain><PRIMARY_DOMAIN></tenantdomain>
-
-              <request>
-                  <tag>azurefindings</tag>
-                  <query>SecurityRecommendation</query>
-                  <workspace><LOG_ANALYTICS_WORKSPACE_ID></workspace>
-                  <time_offset>1d</time_offset>
-              </request>
-
-              <request>
-                  <tag>azurefindings</tag>
-                  <query>SecurityAlert</query>
-                  <workspace><LOG_ANALYTICS_WORKSPACE_ID></workspace>
-                  <time_offset>1d</time_offset>
-              </request>
-
-          </log_analytics>
-        </wodle>
-      </ossec_config>
-
-   .. note::
-
-      The ``interval`` value represents the time between each Azure-Logs module execution. You should set it to a time that is tolerable for your infrastructure.
-
-   Replace:
-
-   -  ``<PRIMARY_DOMAIN>`` with the domain `name`_ of the Azure tenant copied above.
-   -  ``<LOG_ANALYTICS_WORKSPACE_ID>`` with the :ref:`ID of the Log Analytics workspace <create-log-analytics-workspace>` created above.
-
-#. Create a rule file ``azure_posture.xml`` in the ``/var/ossec/etc/rules/`` directory and add the following custom rules to detect Azure posture findings:
-
-   .. code-block:: xml
-
-      <group name="azure,">
-
-        <rule id="100200" level="10">
-          <if_sid>87801</if_sid>
-          <field name="Type">SecurityRecommendation</field>
-          <description>Azure Security Posture: $(RecommendationName).</description>
-        </rule>
-
-        <rule id="100201" level="10">
-          <if_sid>87801</if_sid>
-          <field name="Type">SecurityAlert</field>
-          <field name="ResourceId">Microsoft.Compute</field>
-          <description>Azure Security Posture: $(DisplayName).</description>
-          <mitre>
-            <id>T1651</id>
-          </mitre>
-        </rule>
-
-        <rule id="100202" level="10">
-          <if_sid>87801</if_sid>
-          <field name="Type">SecurityAlert</field>
-          <field name="ResourceId">microsoft.keyvault</field>
-          <description>Azure Security Posture: $(DisplayName).</description>
-          <mitre>
-            <id>T1098.004</id>
-          </mitre>
-        </rule>
-
-        <rule id="100203" level="10">
-          <if_sid>87801</if_sid>
-          <field name="Type">SecurityAlert</field>
-          <field name="ResourceId">Microsoft.Web</field>
-          <description>Azure Security Posture: $(DisplayName).</description>
-          <mitre>
-            <id>T1648</id>
-          </mitre>
-        </rule>
-
-        <rule id="100204" level="10">
-          <if_sid>87801</if_sid>
-          <field name="Type">SecurityAlert</field>
-          <field name="ResourceId">Microsoft.ApiManagement</field>
-          <description>Azure Security Posture: $(DisplayName).</description>
-          <mitre>
-            <id>T1059.009</id>
-          </mitre>
-        </rule> 
-
-        <rule id="100205" level="10">
-          <if_sid>87801</if_sid>
-          <field name="Type">SecurityAlert</field>
-          <field name="ResourceId">Microsoft.ContainerService|cluster</field>
-          <description>Azure Security Posture: $(DisplayName).</description>
-          <mitre>
-            <id>T1609</id>
-          </mitre>
-        </rule> 
-
-      </group>
-
-   Where:
-
-   -  Rule ID ``100200`` is triggered when Wazuh detects a new security posture recommendation in Azure.
-   -  Rule ID ``100201`` is triggered when Wazuh detects an attack against Azure Virtual Machine.
-   -  Rule ID ``100202`` is triggered when Wazuh detects an attack in Azure Key Vault.
-   -  Rule ID ``100203`` is triggered when Wazuh detects an attack in Azure App Service.
-   -  Rule ID ``100204`` is triggered when Wazuh detects an attack in Azure API Management.
-   -  Rule ID ``100205`` is triggered when Wazuh detects an attack in Azure Container and clusters.
-
-#. Restart the Wazuh manager to apply the configuration:
-
-   .. code-block:: console
-
-      # systemctl restart wazuh-manager
-
-Cloud Security Posture Management simulation
---------------------------------------------
-
-Simulate sample security alerts in Microsoft Defender for Cloud. These alerts mimic real life attacks in a cloud environment.
-
-To create sample alerts, follow the steps below:
-
-#. In the Search bar of the Azure portal, type ``Microsoft Defender``, then select **Microsoft Defender for Cloud**.
-#. Click on **Security alerts** on the sidebar menu. On the Security alerts windows, select **Sample alerts** on the command bar. Select your Azure Subscription and the desired Azure service in the **Defender for Cloud plans** dropdown and click **Create sample alerts**.
-
-   .. note::
-      
-      For this example, we restrict our alert simulation to **App Services**, **Key Vaults**, **Virtual Machines**, **Containers**, and **API**.
-
-#. Refresh the security alerts page to visualize the newly generated alerts.
-
-   .. thumbnail:: /images/cloud-security/azure/defender-for-cloud-security-alerts.png
-      :title: Defender for Cloud security alerts
-      :alt: Defender for Cloud security alerts
-      :align: center
-      :width: 80%
-
-Posture management results on the Wazuh dashboard
--------------------------------------------------
-
-Visualize the results by navigating to the **Modules** > **Security events** tab. Filter for the azure rule group.
-
-.. thumbnail:: /images/cloud-security/azure/azure-security-alerts-on-wazuh-dashboard.png
-   :title: Azure security alerts on the Wazuh dashboard
-   :alt: Azure security alerts on the Wazuh dashboard
-   :align: center
-   :width: 80%
diff --git a/source/cloud-security/azure/storage.rst b/source/cloud-security/azure/storage.rst
new file mode 100644
index 0000000000..fe3ab8ea46
--- /dev/null
+++ b/source/cloud-security/azure/storage.rst
@@ -0,0 +1,127 @@
+.. Copyright (C) 2015, Wazuh, Inc.
+
+.. meta::
+   :description: As an alternative to the Azure Log Analytics REST API, Wazuh offers access to a Microsoft Azure Storage account.
+
+Microsoft Azure Storage
+=======================
+
+`Microsoft Azure Storage <https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction>`__ refers to the Microsoft Azure cloud storage solution. This service provides a massively scalable object store for data objects, a messaging store for reliable messaging, a file system service for the cloud, and a NoSQL store.
+
+.. thumbnail:: /images/cloud-security/azure/microsoft-azure-storage-diagram.png
+   :align: center
+   :width: 80%
+
+As an alternative to the Azure Log Analytics REST API, Wazuh offers access to a Microsoft Azure Storage account. You can export the activity logs of the Microsoft Azure infrastructure to the storage accounts.
+
+This section explains using the Azure portal to archive your Microsoft Azure activity logs in a storage account.
+
+Configuration
+-------------
+
+Azure
+^^^^^
+
+Configuring the activity log export
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+#. Select the **Audit Logs** option from the **Monitoring section** within **Microsoft Entra ID** and click on **Export Data Settings**.
+
+   .. thumbnail:: /images/cloud-security/azure/export-data-settings.png
+      :align: center
+      :width: 80%
+
+#. Click **Add diagnostic setting**.
+
+   .. thumbnail:: /images/cloud-security/azure/add-diagnostic-setting2.png
+      :align: center
+      :width: 80%
+
+#. Select the **AuditLogs** and **Archive to the storage account** checkbox, then select the subscription and Storage account to which you want to export the logs from the dropdown menu.
+
+   .. thumbnail:: /images/cloud-security/azure/archive-to-the-storage-account.png
+      :align: center
+      :width: 80%
+
+Wazuh server or agent
+^^^^^^^^^^^^^^^^^^^^^
+
+It is important to set the ``account_name`` and ``account_key`` of the storage account to authenticate. The image below shows an already configured storage account.
+
+.. thumbnail:: /images/cloud-security/azure/storage-account-configured.png
+   :align: center
+   :width: 80%
+
+Check the :ref:`credentials <getting_access_credentials>` section for guidance on configuring Microsoft Azure Storage credentials.
+
+#. Apply the following configuration to the local configuration file ``/var/ossec/etc/ossec.conf`` of the Wazuh server or agent. This will depend on where you configured the Wazuh module for Azure:
+
+   .. code-block:: xml
+
+      <wodle name="azure-logs">
+
+          <disabled>no</disabled>
+          <interval>1d</interval>
+          <run_on_start>yes</run_on_start>
+
+          <storage>
+
+                  <auth_path>/home/manager/Azure/storage_auth.txt</auth_path>
+                  <tag>azure-activity</tag>
+
+                  <container name="insights-activity-logs">
+                      <blobs>.json</blobs>
+                      <content_type>json_inline</content_type>
+                      <time_offset>24h</time_offset>
+                      <path>info-logs</path>
+                  </container>
+
+          </storage>
+      </wodle>
+
+   Where
+
+   -  ``<auth_path>`` is the full path of where the workspace secret key is stored.
+   -  ``<container>`` contains useful parameters while fetching blog storage contents.
+   -  ``<container name="insights-activity-logs">`` the log container that will be streamed.
+   -  ``<blobs>.json</blobs>`` is the blob format that will be downloaded.
+   -  ``<time_offset>`` is the timeframe dated backward. In this case, all logs within a 24-hour timeframe will be downloaded.
+   -  ``<content_type>`` is the format for storing the content of the blobs.
+
+   Check the :doc:`Wazuh module for Azure </user-manual/reference/ossec-conf/wodle-azure-logs>` reference page to learn more about the parameters available and how to use them.
+
+#. Restart your Wazuh server or agent, depending on where you configured the Wazuh module for Azure.
+
+   Wazuh agent:
+
+   .. code-block:: console
+
+      # systemctl restart wazuh-agent
+
+   Wazuh server:
+
+   .. code-block:: console
+
+      # systemctl restart wazuh-manager
+
+Use case
+^^^^^^^^
+
+Here is an example of Microsoft Entra ID activity monitoring using the above configuration.
+
+Create a new user
+~~~~~~~~~~~~~~~~~
+
+Create a new user in your Microsoft Azure environment using Microsoft Entra ID. A few minutes after creating the user, a new log will be available in a container named ``insights-activity-logs`` inside the Storage account specified when configuring the Activity log export.
+
+Please refer to the :ref:`creating a user <log_analytics_use_case_creating_user>` section under the Azure Log Analytics use case.
+
+.. thumbnail:: /images/cloud-security/azure/new-container-available.png
+   :align: center
+   :width: 80%
+
+You can check the results in the Wazuh dashboard.
+
+.. thumbnail:: /images/cloud-security/azure/results-in-wazuh-dashboard2.png
+   :align: center
+   :width: 80%
diff --git a/source/cloud-security/monitoring.rst b/source/cloud-security/monitoring.rst
index ef13cbc9ba..83a22c54f0 100644
--- a/source/cloud-security/monitoring.rst
+++ b/source/cloud-security/monitoring.rst
@@ -17,5 +17,4 @@ Wazuh helps increase the security of some of the most comprehensive and broadly
    azure/index
    github/index
    gcp/index
-   ms-graph/index
    office365/index
diff --git a/source/cloud-security/ms-graph/index.rst b/source/cloud-security/ms-graph/index.rst
deleted file mode 100644
index 56ae7fb7c9..0000000000
--- a/source/cloud-security/ms-graph/index.rst
+++ /dev/null
@@ -1,35 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-  :description: Discover how Wazuh helps you monitor the Microsoft Graph API for your organization. Learn more about it in this section of our documentation.
-  
-.. _ms-graph:
-
-Using Wazuh to monitor Microsoft Graph
-======================================
-
-.. versionadded:: 4.6.0
-
-This section provides instructions for monitoring **Microsoft Graph API** `resources` and `relationships` within your organization.
-
-Currently, the module allows you to monitor the following with Wazuh:
-
-- Microsoft Entra ID Protection
-- Microsoft 365 Defender
-- Microsoft Defender for Cloud Apps
-- Microsoft Defender for Endpoint
-- Microsoft Defender for Identity
-- Microsoft Defender for Office 365
-- Microsoft Purview eDiscovery
-- Microsoft Purview Data Loss Prevention (DLP)
-
-While these are centric to the security resource, the Microsoft Graph REST API contains a large number of additional resources that can be monitored. See the `Overview of Microsoft Graph <https://learn.microsoft.com/en-us/graph/overview?view=graph-rest-1.0>`_ documentation to learn more.
-
-.. note:: Currently, only the `security` resource can be considered mature as it's the only one tested and with pre-made rules. However, the logs of other resources can still be ingested at your organization's discretion.
-
-.. topic:: Contents
-
-  .. toctree::
-    :maxdepth: 2
-
-    monitoring-ms-graph-activity
diff --git a/source/cloud-security/ms-graph/monitoring-ms-graph-activity.rst b/source/cloud-security/ms-graph/monitoring-ms-graph-activity.rst
deleted file mode 100644
index 335745cfa8..0000000000
--- a/source/cloud-security/ms-graph/monitoring-ms-graph-activity.rst
+++ /dev/null
@@ -1,278 +0,0 @@
-.. Copyright (C) 2015, Wazuh, Inc.
-
-.. meta::
-  :description: Learn how to monitor your organization's activity via Wazuh's integration with the Microsoft Graph API in this section of our documentation.
-
-.. _ms-graph_monitoring_activity:
-
-Monitoring Microsoft Graph Activity
-===================================
-
-The **Microsoft Graph API** is a powerful interface that allows an organization's admins to review a wide variety of information concerning a Microsoft 365 tenant and its associated users and endpoints.
-This includes details such as security scores and detected incidents as well as information like available OneDrive resources and login audit logs.
-
-In turn, this module integrates with Microsoft Graph to bring this content-rich source of information into Wazuh. This is done through a series of `resources` and `relationships`, which describe the function, type, and content of various logs available within Microsoft Graph.
-
-**Retrieving content:**
-
-To retrieve a set of logs from Microsoft Graph, make a GET request against the URL delineated below:
-
-.. code-block:: xml
-
-    GET https://graph.microsoft.com/{version}/{resource}/{relationship}?{query-parameters}
-
-A description of the current production version of the Microsoft Graph API can be found at the `Overview of Microsoft Graph <https://learn.microsoft.com/en-us/graph/overview?view=graph-rest-1.0>`_.
-
-Alternatively, the API can be directly experimented with through the `Microsoft Graph Explorer <https://developer.microsoft.com/graph/graph-explorer>`_.
-
-Microsoft Graph API Setup
--------------------------
-
-Before **Wazuh** can begin pulling logs and other content from the Microsoft Graph API, it must be authorized and pass through an authentication process. To authenticate, Wazuh must provide the ``tenant_id``, ``client_id``, and ``secret_value`` of an authorized application, which we will register through Azure.
-
-Registering your app
-^^^^^^^^^^^^^^^^^^^^
-
-#. To authenticate with the Microsoft identity platform endpoint, you need to register an app in your `Microsoft Azure portal application registration <https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade>`_ section. Once there, click on **New registration**:
-
-   .. thumbnail:: /images/cloud-security/ms-graph/0-azure-app-new-registration.png
-       :title: Register your app
-       :alt: Register your app
-       :align: center
-       :width: 100%
-
-#. Fill in the name of your app, choose the desired account type, and click on the **Register** button:
-
-   .. thumbnail:: /images/cloud-security/ms-graph/1-azure-wazuh-app-register-application.png
-       :title: Register your app
-       :alt: Register your app
-       :align: center
-       :width: 100%
-
-#. The app is now registered, and you can see information about it in its **Overview** section. Make sure to note down the ``client_id`` and ``tenant_id`` information:
-
-   .. thumbnail:: /images/cloud-security/ms-graph/2-azure-wazuh-app-overview.png
-       :title: Register your app
-       :alt: Register your app
-       :align: center
-       :width: 100%
-
-Certificates & secrets
-^^^^^^^^^^^^^^^^^^^^^^
-#. Generate a secret to be used during the authentication process. Go to **Certificates & secrets** and click on **New client secret**, which will then generate the secret and its ID:
-   
-   .. thumbnail:: /images/cloud-security/ms-graph/3-azure-wazuh-app-create-secret.png
-       :title: Certificates & secrets
-       :alt: Certificates & secrets
-       :align: center
-       :width: 100%
-   
-#. Ensure that the ``secret_value`` information is copied down and saved:
-   
-    .. thumbnail:: /images/cloud-security/ms-graph/3-azure-wazuh-app-create-secret-copy-value.png
-        :title: Copy secrets value
-        :alt: Copy secrets value
-        :align: center
-        :width: 100%
-   
-    .. note:: Make sure you write down the secret's value section, because the UI won't let you copy it afterward.
-
-API permissions
-^^^^^^^^^^^^^^^
-
-The application needs specific API permissions to be able to retrieve logs and events from the Microsoft Graph API. In this case, you are looking for permissions related to the `security` resource.
-   
-#. To configure the application permissions, go to the **API permissions** page and choose **Add a permission**. Select **Microsoft Graph API** and click on **Application permissions**.
-   
-#. Add the following relationships' permissions under the **SecurityAlert** and **SecurityIncident** sections:
-   
-   - ``SecurityAlert.Read.All``. Read `alerts` & `alerts_v2` relationship data from your tenant.
-
-   - ``SecurityIncident.Read.All``. Read `incident` relationship data, including associated events/alerts, from your tenant.
-   
-   .. thumbnail:: /images/cloud-security/ms-graph/4-azure-wazuh-app-configure-permissions.png
-       :title: API permissions
-       :alt: API permissions
-       :align: center
-       :width: 100%
-      
-.. note:: Admin consent is required for API permission changes.
-   
-.. thumbnail:: /images/cloud-security/ms-graph/4-azure-wazuh-app-configure-permissions-admin-consent.png
-    :title: API permissions admin consent
-    :alt: API permissions admin consent
-    :align: center
-    :width: 100%
-
-
-Wazuh configuration
--------------------
-
-Next, we will see the options we have to configure to allow the integration to successfully pull logs from the Microsoft Graph API.
-
-Configure the ``ms-graph`` module in the Wazuh manager or in the Wazuh agent :doc:`configuration file </user-manual/reference/ossec-conf/index>`. Through the following configuration, Wazuh is ready to search for logs created by Microsoft Graph resources and relationships.
-
-In this case, we will search for `alerts_v2` and `incidents` type events within the `security` resource at an interval of ``5m``. The logs will only be those that were created after the module was started:
-
-.. code-block:: xml
-
-    <ms-graph>
-        <enabled>yes</enabled>
-        <only_future_events>yes</only_future_events>
-        <curl_max_size>10M</curl_max_size>
-        <run_on_start>yes</run_on_start>
-        <interval>5m</interval>
-        <version>v1.0</version>
-        <api_auth>
-          <client_id>your_client_id</client_id>
-          <tenant_id>your_tenant_id</tenant_id>
-          <secret_value>your_secret_value</secret_value>
-          <api_type>global</api_type>
-        </api_auth>
-        <resource>
-          <name>security</name>
-          <relationship>alerts_v2</relationship>
-          <relationship>incidents</relationship>
-        </resource>
-    </ms-graph>
-
-Using the configuration mentioned above, we can examine a classic example of a security event: malicious spam emails.
-
-Examining Microsoft Graph logs
-------------------------------
-
-One of the more ubiquitous alerts that an organization of any size receive is spam emails. In this case, we can specifically look at an example where the spam email contains malicious content, and examine how Microsoft Graph & Wazuh report on this information.
-
-Imagine that we have set up the Microsoft Graph module to monitor the `security` resource, and the `alerts_v2` relationship within that. Presuming that **Microsoft Defender** is enabled within our **Microsoft 365 tenant**, we would expect JSON similar to the following to be generated:
-
-.. code-block:: json
-    :class: output
-
-    {
-        "id":"xxxx-xxxx-xxxx-xxxx-xxxx",
-        "providerAlertId":"xxxx-xxxx-xxxx-xxxx-xxxx",
-        "incidentId":"xx",
-        "status":"resolved",
-        "severity":"informational",
-        "classification":"truePositive",
-        "determination":null,
-        "serviceSource":"microsoftDefenderForOffice365",
-        "detectionSource":"microsoftDefenderForOffice365",
-        "detectorId":"xxxx-xxxx-xxxx-xxxx-xxxx",
-        "tenantId":"xxxx-xxxx-xxxx-xxxx-xxxx",
-        "title":"Email messages containing malicious file removed after delivery.",
-        "description":"Emails with malicious file that were delivered and later removed -V1.0.0.3",
-        "recommendedActions":"",
-        "category":"InitialAccess",
-        "assignedTo":"Automation",
-        "alertWebUrl":"https://security.microsoft.com/alerts/xxxx-xxxx-xxxx-xxxx-xxxx?tid=xxxx-xxxx-xxxx-xxxx-xxxx",
-        "incidentWebUrl":"https://security.microsoft.com/incidents/xx?tid=xxxx-xxxx-xxxx-xxxx-xxxx",
-        "actorDisplayName":null,
-        "threatDisplayName":null,
-        "threatFamilyName":null,
-        "mitreTechniques":[
-            "T1566.001"
-        ],
-        "createdDateTime":"2022-11-13T23:48:21.9847068Z",
-        "lastUpdateDateTime":"2022-11-14T00:08:37.5366667Z",
-        "resolvedDateTime":"2022-11-14T00:07:25.7033333Z",
-        "firstActivityDateTime":"2022-11-13T23:45:41.0593397Z",
-        "lastActivityDateTime":"2022-11-13T23:47:41.0593397Z",
-        "comments":[
-            
-        ],
-        "evidence":[
-            {
-                "_comment":"Snipped"
-            }
-        ]
-    }
-
-Wazuh Rules
------------
-
-The Wazuh manager includes a set of pre-made rules that aid in classifying the importance and context of different events. 
-
-In this example, we can take a look at the rule id ``99506``, which corresponds to ``MS Graph message: The alert is true positive and detected malicious activity.``, per the `Microsoft Graph documentation <https://learn.microsoft.com/en-us/graph/api/resources/security-alert?view=graph-rest-1.0#alertclassification-values>`_.
-
-.. code-block:: xml
-
-    <rule id="99506" level="6">
-        <if_sid>99501</if_sid>
-        <options>no_full_log</options>
-        <field name="ms-graph.classification">truePositive</field>
-        <description>MS Graph message: The alert is true positive and detected malicious activity.</description>
-    </rule>
-
-Once Wazuh connects with the Microsoft Graph API, the previous log triggers the rule and raises the following alert:
-
-.. code-block:: json
-    :emphasize-lines: 5
-    :class: output
-
-    {
-        "timestamp":"2023-04-23T14:53:15.301+0000",
-        "rule":{
-            "id":"99506",
-	        "level":6,
-	        "description":"MS Graph message: The alert is true positive and detected malicious activity.",
-	        "groups":["ms-graph"],
-	        "firedtimes":1,
-	        "mail":"false"
-        },
-        "agent":{
-            "id":"001",
-            "name":"ubuntu-bionic"
-        },
-        "manager":{
-            "name":"ubuntu-bionic"
-        },
-        "id":"1623276774.47272",
-        "decoder":{
-            "name":"json"
-        },
-        "data":{
-            "integration":"ms-graph",
-            "ms-graph":{
-                "id":"xxxx-xxxx-xxxx-xxxx-xxxx",
-                "providerAlertId":"xxxx-xxxx-xxxx-xxxx-xxxx",
-                "incidentId":"91",
-                "status":"resolved",
-                "severity":"informational",
-                "classification":"truePositive",
-                "determination":null,
-                "serviceSource":"microsoftDefenderForOffice365",
-                "detectionSource":"microsoftDefenderForOffice365",
-                "detectorId":"xxxx-xxxx-xxxx-xxxx-xxxx",
-                "tenantId":"xxxx-xxxx-xxxx-xxxx-xxxx",
-                "title":"Email messages containing malicious file removed after delivery.",
-                "description":"Emails with malicious file that were delivered and later removed -V1.0.0.3",
-                "recommendedActions":"",
-                "category":"InitialAccess",
-                "assignedTo":"Automation",
-                "alertWebUrl":"https://security.microsoft.com/alerts/xxxx-xxxx-xxxx-xxxx-xxxx?tid=xxxx-xxxx-xxxx-xxxx-xxxx",
-                "incidentWebUrl":"https://security.microsoft.com/incidents/91?tid=xxxx-xxxx-xxxx-xxxx-xxxx",
-                "actorDisplayName":null,
-                "threatDisplayName":null,
-                "threatFamilyName":null,
-                "resource":"security",
-                "relationship":"alerts_v2",
-                "mitreTechniques":[
-                    "T1566.001"
-                ],
-                "createdDateTime":"2022-11-13T23:48:21.9847068Z",
-                "lastUpdateDateTime":"2022-11-14T00:08:37.5366667Z",
-                "resolvedDateTime":"2022-11-14T00:07:25.7033333Z",
-                "firstActivityDateTime":"2022-11-13T23:45:41.0593397Z",
-                "lastActivityDateTime":"2022-11-13T23:47:41.0593397Z",
-                "comments":[
-
-                ],
-                "evidence":[
-                    {
-                        "_comment":"Snipped"
-                    }
-                ]
-            }
-        }
-    }
diff --git a/source/getting-started/use-cases/posture-management.rst b/source/getting-started/use-cases/posture-management.rst
index 20e4ed19e7..8a79639e79 100644
--- a/source/getting-started/use-cases/posture-management.rst
+++ b/source/getting-started/use-cases/posture-management.rst
@@ -77,7 +77,7 @@ Wazuh integrates with Azure using the Log Analytics Workspace. The Azure Log Ana
    :align: center
    :width: 80%
 
-We provide detailed guidelines on configuring Wazuh to receive Azure Cloud logs using the Log Analytics Workspace in our :doc:`Azure Log Analytics </cloud-security/azure/activity-services/services/log-analytics>` documentation. Once configured, you can set up your Wazuh deployment to retrieve *Recommendations*, *Security alerts*, and *Regulatory compliance* logs for your Azure cloud infrastructure.
+We provide detailed guidelines on configuring Wazuh to receive Azure Cloud logs using the Log Analytics Workspace in our :doc:`Azure Log Analytics </cloud-security/azure/log-analytics>` documentation. Once configured, you can set up your Wazuh deployment to retrieve *Recommendations*, *Security alerts*, and *Regulatory compliance* logs for your Azure cloud infrastructure.
 
 The image below shows Azure security posture management logs received on Wazuh.
 
diff --git a/source/images/cloud-security/azure/aad-graph-intro.png b/source/images/cloud-security/azure/aad-graph-intro.png
deleted file mode 100644
index 291ca69cbe..0000000000
Binary files a/source/images/cloud-security/azure/aad-graph-intro.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/account-credentials.png b/source/images/cloud-security/azure/account-credentials.png
deleted file mode 100644
index 9659ce0d1b..0000000000
Binary files a/source/images/cloud-security/azure/account-credentials.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/add-api-permission.png b/source/images/cloud-security/azure/add-api-permission.png
new file mode 100644
index 0000000000..cbc6a5aaa1
Binary files /dev/null and b/source/images/cloud-security/azure/add-api-permission.png differ
diff --git a/source/images/cloud-security/azure/add-api-permission2.png b/source/images/cloud-security/azure/add-api-permission2.png
new file mode 100644
index 0000000000..846db69061
Binary files /dev/null and b/source/images/cloud-security/azure/add-api-permission2.png differ
diff --git a/source/images/cloud-security/azure/add-api-permissions.png b/source/images/cloud-security/azure/add-api-permissions.png
new file mode 100644
index 0000000000..f8436816e7
Binary files /dev/null and b/source/images/cloud-security/azure/add-api-permissions.png differ
diff --git a/source/images/cloud-security/azure/add-client-secret.png b/source/images/cloud-security/azure/add-client-secret.png
new file mode 100644
index 0000000000..d96148aedb
Binary files /dev/null and b/source/images/cloud-security/azure/add-client-secret.png differ
diff --git a/source/images/cloud-security/azure/add-client-secret2.png b/source/images/cloud-security/azure/add-client-secret2.png
new file mode 100644
index 0000000000..facb67628c
Binary files /dev/null and b/source/images/cloud-security/azure/add-client-secret2.png differ
diff --git a/source/images/cloud-security/azure/add-diagnostic-setting.png b/source/images/cloud-security/azure/add-diagnostic-setting.png
new file mode 100644
index 0000000000..7a93cc255a
Binary files /dev/null and b/source/images/cloud-security/azure/add-diagnostic-setting.png differ
diff --git a/source/images/cloud-security/azure/add-diagnostic-setting2.png b/source/images/cloud-security/azure/add-diagnostic-setting2.png
new file mode 100644
index 0000000000..be36582bef
Binary files /dev/null and b/source/images/cloud-security/azure/add-diagnostic-setting2.png differ
diff --git a/source/images/cloud-security/azure/add-role-assignment.gif b/source/images/cloud-security/azure/add-role-assignment.gif
deleted file mode 100644
index 7581efce11..0000000000
Binary files a/source/images/cloud-security/azure/add-role-assignment.gif and /dev/null differ
diff --git a/source/images/cloud-security/azure/add-role-assignment.png b/source/images/cloud-security/azure/add-role-assignment.png
new file mode 100644
index 0000000000..d1b9159a48
Binary files /dev/null and b/source/images/cloud-security/azure/add-role-assignment.png differ
diff --git a/source/images/cloud-security/azure/app-registrations.png b/source/images/cloud-security/azure/app-registrations.png
new file mode 100644
index 0000000000..5e5988a1d5
Binary files /dev/null and b/source/images/cloud-security/azure/app-registrations.png differ
diff --git a/source/images/cloud-security/azure/application-display-name.png b/source/images/cloud-security/azure/application-display-name.png
new file mode 100644
index 0000000000..5a924486f6
Binary files /dev/null and b/source/images/cloud-security/azure/application-display-name.png differ
diff --git a/source/images/cloud-security/azure/archive-to-the-storage-account.png b/source/images/cloud-security/azure/archive-to-the-storage-account.png
new file mode 100644
index 0000000000..f90aca9d68
Binary files /dev/null and b/source/images/cloud-security/azure/archive-to-the-storage-account.png differ
diff --git a/source/images/cloud-security/azure/azure-security-alerts-on-wazuh-dashboard.png b/source/images/cloud-security/azure/azure-security-alerts-on-wazuh-dashboard.png
deleted file mode 100644
index 9d1fe40eab..0000000000
Binary files a/source/images/cloud-security/azure/azure-security-alerts-on-wazuh-dashboard.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/choose-categories.png b/source/images/cloud-security/azure/choose-categories.png
new file mode 100644
index 0000000000..c72a0502e8
Binary files /dev/null and b/source/images/cloud-security/azure/choose-categories.png differ
diff --git a/source/images/cloud-security/azure/click-new-user.png b/source/images/cloud-security/azure/click-new-user.png
new file mode 100644
index 0000000000..f770046d95
Binary files /dev/null and b/source/images/cloud-security/azure/click-new-user.png differ
diff --git a/source/images/cloud-security/azure/continuous-export-setup.png b/source/images/cloud-security/azure/continuous-export-setup.png
deleted file mode 100644
index 28a416dfe5..0000000000
Binary files a/source/images/cloud-security/azure/continuous-export-setup.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/continuous-export-setup2.png b/source/images/cloud-security/azure/continuous-export-setup2.png
deleted file mode 100644
index 9aa5b6ccd6..0000000000
Binary files a/source/images/cloud-security/azure/continuous-export-setup2.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/copy-client-secret.png b/source/images/cloud-security/azure/copy-client-secret.png
new file mode 100644
index 0000000000..1acd3b4602
Binary files /dev/null and b/source/images/cloud-security/azure/copy-client-secret.png differ
diff --git a/source/images/cloud-security/azure/copy-client-secret2.png b/source/images/cloud-security/azure/copy-client-secret2.png
new file mode 100644
index 0000000000..a1522187d9
Binary files /dev/null and b/source/images/cloud-security/azure/copy-client-secret2.png differ
diff --git a/source/images/cloud-security/azure/copy-client-secret3.png b/source/images/cloud-security/azure/copy-client-secret3.png
new file mode 100644
index 0000000000..a07de522a9
Binary files /dev/null and b/source/images/cloud-security/azure/copy-client-secret3.png differ
diff --git a/source/images/cloud-security/azure/copy-primary-domain.png b/source/images/cloud-security/azure/copy-primary-domain.png
deleted file mode 100644
index e39167b624..0000000000
Binary files a/source/images/cloud-security/azure/copy-primary-domain.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/copy-workspace-ID.png b/source/images/cloud-security/azure/copy-workspace-ID.png
new file mode 100644
index 0000000000..eec82bf3e5
Binary files /dev/null and b/source/images/cloud-security/azure/copy-workspace-ID.png differ
diff --git a/source/images/cloud-security/azure/create-log-analytics-workspace.png b/source/images/cloud-security/azure/create-log-analytics-workspace.png
new file mode 100644
index 0000000000..4b0037c4c3
Binary files /dev/null and b/source/images/cloud-security/azure/create-log-analytics-workspace.png differ
diff --git a/source/images/cloud-security/azure/create-new-user.png b/source/images/cloud-security/azure/create-new-user.png
new file mode 100644
index 0000000000..0451adcb18
Binary files /dev/null and b/source/images/cloud-security/azure/create-new-user.png differ
diff --git a/source/images/cloud-security/azure/create-new-user2.png b/source/images/cloud-security/azure/create-new-user2.png
new file mode 100644
index 0000000000..fc2be9326d
Binary files /dev/null and b/source/images/cloud-security/azure/create-new-user2.png differ
diff --git a/source/images/cloud-security/azure/create-secret.gif b/source/images/cloud-security/azure/create-secret.gif
deleted file mode 100644
index 9111be98db..0000000000
Binary files a/source/images/cloud-security/azure/create-secret.gif and /dev/null differ
diff --git a/source/images/cloud-security/azure/defender-for-cloud-security-alerts.png b/source/images/cloud-security/azure/defender-for-cloud-security-alerts.png
deleted file mode 100644
index dd5dfb6f9e..0000000000
Binary files a/source/images/cloud-security/azure/defender-for-cloud-security-alerts.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/enable-all-plans.gif b/source/images/cloud-security/azure/enable-all-plans.gif
deleted file mode 100644
index 17dd19a72c..0000000000
Binary files a/source/images/cloud-security/azure/enable-all-plans.gif and /dev/null differ
diff --git a/source/images/cloud-security/azure/enable-all-plans.png b/source/images/cloud-security/azure/enable-all-plans.png
deleted file mode 100644
index 3cca22c1cc..0000000000
Binary files a/source/images/cloud-security/azure/enable-all-plans.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/export-data-settings.png b/source/images/cloud-security/azure/export-data-settings.png
new file mode 100644
index 0000000000..30b1b7d8a4
Binary files /dev/null and b/source/images/cloud-security/azure/export-data-settings.png differ
diff --git a/source/images/cloud-security/azure/grant-admin-consent.png b/source/images/cloud-security/azure/grant-admin-consent.png
new file mode 100644
index 0000000000..c61294bdfe
Binary files /dev/null and b/source/images/cloud-security/azure/grant-admin-consent.png differ
diff --git a/source/images/cloud-security/azure/grant-admin-consent2.png b/source/images/cloud-security/azure/grant-admin-consent2.png
new file mode 100644
index 0000000000..08ec62e4e4
Binary files /dev/null and b/source/images/cloud-security/azure/grant-admin-consent2.png differ
diff --git a/source/images/cloud-security/azure/graph-1.png b/source/images/cloud-security/azure/graph-1.png
deleted file mode 100644
index 438c6bc572..0000000000
Binary files a/source/images/cloud-security/azure/graph-1.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/graph-2.png b/source/images/cloud-security/azure/graph-2.png
deleted file mode 100644
index 67d090ec01..0000000000
Binary files a/source/images/cloud-security/azure/graph-2.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/graph-3.png b/source/images/cloud-security/azure/graph-3.png
deleted file mode 100644
index 402f908c29..0000000000
Binary files a/source/images/cloud-security/azure/graph-3.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/graph-4.png b/source/images/cloud-security/azure/graph-4.png
deleted file mode 100644
index ae453b5441..0000000000
Binary files a/source/images/cloud-security/azure/graph-4.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/graph-5.png b/source/images/cloud-security/azure/graph-5.png
deleted file mode 100644
index 981c44f7c5..0000000000
Binary files a/source/images/cloud-security/azure/graph-5.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/graph-6.png b/source/images/cloud-security/azure/graph-6.png
deleted file mode 100644
index 77e7589be6..0000000000
Binary files a/source/images/cloud-security/azure/graph-6.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/graph-7.png b/source/images/cloud-security/azure/graph-7.png
deleted file mode 100644
index a498eefae6..0000000000
Binary files a/source/images/cloud-security/azure/graph-7.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/kibana-services-1.png b/source/images/cloud-security/azure/kibana-services-1.png
deleted file mode 100644
index c2c0678486..0000000000
Binary files a/source/images/cloud-security/azure/kibana-services-1.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/kibana-services-2.png b/source/images/cloud-security/azure/kibana-services-2.png
deleted file mode 100644
index fe5014a212..0000000000
Binary files a/source/images/cloud-security/azure/kibana-services-2.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-activity-send.png b/source/images/cloud-security/azure/log-analytics-activity-send.png
index 11ab4cb020..5ce4b64777 100644
Binary files a/source/images/cloud-security/azure/log-analytics-activity-send.png and b/source/images/cloud-security/azure/log-analytics-activity-send.png differ
diff --git a/source/images/cloud-security/azure/log-analytics-app-1.png b/source/images/cloud-security/azure/log-analytics-app-1.png
deleted file mode 100644
index d233b6844d..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-app-1.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-app-2.png b/source/images/cloud-security/azure/log-analytics-app-2.png
deleted file mode 100644
index 6126ed04f3..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-app-2.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-app-3.png b/source/images/cloud-security/azure/log-analytics-app-3.png
deleted file mode 100644
index 06b0775eb2..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-app-3.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-app-4.png b/source/images/cloud-security/azure/log-analytics-app-4.png
deleted file mode 100644
index 11d2889fec..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-app-4.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-app-5.png b/source/images/cloud-security/azure/log-analytics-app-5.png
deleted file mode 100644
index 2edf7ecfc6..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-app-5.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-app-6.png b/source/images/cloud-security/azure/log-analytics-app-6.png
deleted file mode 100644
index f702d858b7..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-app-6.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-create-key.png b/source/images/cloud-security/azure/log-analytics-create-key.png
deleted file mode 100644
index db03235cfc..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-create-key.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-diagnostic-1.png b/source/images/cloud-security/azure/log-analytics-diagnostic-1.png
deleted file mode 100644
index 5c27802f86..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-diagnostic-1.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-diagnostic-2.png b/source/images/cloud-security/azure/log-analytics-diagnostic-2.png
deleted file mode 100644
index 54d51c50ba..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-diagnostic-2.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-key-created.png b/source/images/cloud-security/azure/log-analytics-key-created.png
deleted file mode 100644
index 4b2ea627b1..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-key-created.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-new-user.png b/source/images/cloud-security/azure/log-analytics-new-user.png
deleted file mode 100644
index 696230de83..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-new-user.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-workspace-1.png b/source/images/cloud-security/azure/log-analytics-workspace-1.png
deleted file mode 100644
index 809c44b605..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-workspace-1.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-workspace-2.png b/source/images/cloud-security/azure/log-analytics-workspace-2.png
deleted file mode 100644
index 3e86907fb6..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-workspace-2.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-workspace-3.png b/source/images/cloud-security/azure/log-analytics-workspace-3.png
deleted file mode 100644
index 0e59546213..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-workspace-3.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-workspace-4.png b/source/images/cloud-security/azure/log-analytics-workspace-4.png
deleted file mode 100644
index af78b8b2d7..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-workspace-4.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-workspace-5.png b/source/images/cloud-security/azure/log-analytics-workspace-5.png
deleted file mode 100644
index 987387210c..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-workspace-5.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-workspace-id.png b/source/images/cloud-security/azure/log-analytics-workspace-id.png
deleted file mode 100644
index 17ad474a19..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-workspace-id.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/log-analytics-workspace.gif b/source/images/cloud-security/azure/log-analytics-workspace.gif
deleted file mode 100644
index 1d94740b58..0000000000
Binary files a/source/images/cloud-security/azure/log-analytics-workspace.gif and /dev/null differ
diff --git a/source/images/cloud-security/azure/microsoft-azure-storage-diagram.png b/source/images/cloud-security/azure/microsoft-azure-storage-diagram.png
new file mode 100644
index 0000000000..a06b39a9aa
Binary files /dev/null and b/source/images/cloud-security/azure/microsoft-azure-storage-diagram.png differ
diff --git a/source/images/cloud-security/azure/microsoft-defender-for-cloud-upgrade.png b/source/images/cloud-security/azure/microsoft-defender-for-cloud-upgrade.png
deleted file mode 100644
index 479b51ab4a..0000000000
Binary files a/source/images/cloud-security/azure/microsoft-defender-for-cloud-upgrade.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/microsoft-entra-ID.png b/source/images/cloud-security/azure/microsoft-entra-ID.png
new file mode 100644
index 0000000000..f6d5bd0d93
Binary files /dev/null and b/source/images/cloud-security/azure/microsoft-entra-ID.png differ
diff --git a/source/images/cloud-security/azure/ms-graph-results-in-wazuh-dashboard1.png b/source/images/cloud-security/azure/ms-graph-results-in-wazuh-dashboard1.png
new file mode 100644
index 0000000000..18342c7a20
Binary files /dev/null and b/source/images/cloud-security/azure/ms-graph-results-in-wazuh-dashboard1.png differ
diff --git a/source/images/cloud-security/azure/ms-graph-results-in-wazuh-dashboard2.png b/source/images/cloud-security/azure/ms-graph-results-in-wazuh-dashboard2.png
new file mode 100644
index 0000000000..8926bb3ec6
Binary files /dev/null and b/source/images/cloud-security/azure/ms-graph-results-in-wazuh-dashboard2.png differ
diff --git a/source/images/cloud-security/azure/navigate-to-access-keys.png b/source/images/cloud-security/azure/navigate-to-access-keys.png
new file mode 100644
index 0000000000..40fd5c4436
Binary files /dev/null and b/source/images/cloud-security/azure/navigate-to-access-keys.png differ
diff --git a/source/images/cloud-security/azure/navigate-to-registered-application.png b/source/images/cloud-security/azure/navigate-to-registered-application.png
new file mode 100644
index 0000000000..f15b74111c
Binary files /dev/null and b/source/images/cloud-security/azure/navigate-to-registered-application.png differ
diff --git a/source/images/cloud-security/azure/new-app-registration.png b/source/images/cloud-security/azure/new-app-registration.png
new file mode 100644
index 0000000000..bb90acc3aa
Binary files /dev/null and b/source/images/cloud-security/azure/new-app-registration.png differ
diff --git a/source/images/cloud-security/azure/new-app-registration2.png b/source/images/cloud-security/azure/new-app-registration2.png
new file mode 100644
index 0000000000..2366c85e8f
Binary files /dev/null and b/source/images/cloud-security/azure/new-app-registration2.png differ
diff --git a/source/images/cloud-security/azure/new-client-secret.png b/source/images/cloud-security/azure/new-client-secret.png
new file mode 100644
index 0000000000..de152c7031
Binary files /dev/null and b/source/images/cloud-security/azure/new-client-secret.png differ
diff --git a/source/images/cloud-security/azure/new-client-secret2.png b/source/images/cloud-security/azure/new-client-secret2.png
new file mode 100644
index 0000000000..0a680231e1
Binary files /dev/null and b/source/images/cloud-security/azure/new-client-secret2.png differ
diff --git a/source/images/cloud-security/azure/new-container-available.png b/source/images/cloud-security/azure/new-container-available.png
new file mode 100644
index 0000000000..a52d4e4cd6
Binary files /dev/null and b/source/images/cloud-security/azure/new-container-available.png differ
diff --git a/source/images/cloud-security/azure/new-user-event.png b/source/images/cloud-security/azure/new-user-event.png
deleted file mode 100644
index 1f9c4f5080..0000000000
Binary files a/source/images/cloud-security/azure/new-user-event.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/new-user.png b/source/images/cloud-security/azure/new-user.png
deleted file mode 100644
index 85d8576af5..0000000000
Binary files a/source/images/cloud-security/azure/new-user.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/portal-services.png b/source/images/cloud-security/azure/portal-services.png
deleted file mode 100644
index 6f9a11b2d8..0000000000
Binary files a/source/images/cloud-security/azure/portal-services.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/register-an-application.gif b/source/images/cloud-security/azure/register-an-application.gif
deleted file mode 100644
index 7f1a1f50bb..0000000000
Binary files a/source/images/cloud-security/azure/register-an-application.gif and /dev/null differ
diff --git a/source/images/cloud-security/azure/register-an-application.png b/source/images/cloud-security/azure/register-an-application.png
new file mode 100644
index 0000000000..5ff90212a0
Binary files /dev/null and b/source/images/cloud-security/azure/register-an-application.png differ
diff --git a/source/images/cloud-security/azure/register-application.png b/source/images/cloud-security/azure/register-application.png
new file mode 100644
index 0000000000..5d9998a8fd
Binary files /dev/null and b/source/images/cloud-security/azure/register-application.png differ
diff --git a/source/images/cloud-security/azure/request-api-permissions.gif b/source/images/cloud-security/azure/request-api-permissions.gif
deleted file mode 100644
index 81e7105c7f..0000000000
Binary files a/source/images/cloud-security/azure/request-api-permissions.gif and /dev/null differ
diff --git a/source/images/cloud-security/azure/results-in-wazuh-dashboard.png b/source/images/cloud-security/azure/results-in-wazuh-dashboard.png
new file mode 100644
index 0000000000..f48e35a7bb
Binary files /dev/null and b/source/images/cloud-security/azure/results-in-wazuh-dashboard.png differ
diff --git a/source/images/cloud-security/azure/results-in-wazuh-dashboard2.png b/source/images/cloud-security/azure/results-in-wazuh-dashboard2.png
new file mode 100644
index 0000000000..0499c8ab23
Binary files /dev/null and b/source/images/cloud-security/azure/results-in-wazuh-dashboard2.png differ
diff --git a/source/images/cloud-security/azure/save-application-ID.png b/source/images/cloud-security/azure/save-application-ID.png
new file mode 100644
index 0000000000..948bf2415a
Binary files /dev/null and b/source/images/cloud-security/azure/save-application-ID.png differ
diff --git a/source/images/cloud-security/azure/save-application-ID2.png b/source/images/cloud-security/azure/save-application-ID2.png
new file mode 100644
index 0000000000..49a565c544
Binary files /dev/null and b/source/images/cloud-security/azure/save-application-ID2.png differ
diff --git a/source/images/cloud-security/azure/search-log-analytics-api.png b/source/images/cloud-security/azure/search-log-analytics-api.png
new file mode 100644
index 0000000000..101a4330f1
Binary files /dev/null and b/source/images/cloud-security/azure/search-log-analytics-api.png differ
diff --git a/source/images/cloud-security/azure/select-members.png b/source/images/cloud-security/azure/select-members.png
new file mode 100644
index 0000000000..c8ce2ae409
Binary files /dev/null and b/source/images/cloud-security/azure/select-members.png differ
diff --git a/source/images/cloud-security/azure/select-microsoft-graph-api.png b/source/images/cloud-security/azure/select-microsoft-graph-api.png
new file mode 100644
index 0000000000..24b210d6e4
Binary files /dev/null and b/source/images/cloud-security/azure/select-microsoft-graph-api.png differ
diff --git a/source/images/cloud-security/azure/select-read-log-analytics.png b/source/images/cloud-security/azure/select-read-log-analytics.png
new file mode 100644
index 0000000000..27992d3d93
Binary files /dev/null and b/source/images/cloud-security/azure/select-read-log-analytics.png differ
diff --git a/source/images/cloud-security/azure/select-reader-role.png b/source/images/cloud-security/azure/select-reader-role.png
new file mode 100644
index 0000000000..399690b419
Binary files /dev/null and b/source/images/cloud-security/azure/select-reader-role.png differ
diff --git a/source/images/cloud-security/azure/select-storage-account.png b/source/images/cloud-security/azure/select-storage-account.png
new file mode 100644
index 0000000000..9d0d757b68
Binary files /dev/null and b/source/images/cloud-security/azure/select-storage-account.png differ
diff --git a/source/images/cloud-security/azure/storage-account-configured.png b/source/images/cloud-security/azure/storage-account-configured.png
new file mode 100644
index 0000000000..92a4b25245
Binary files /dev/null and b/source/images/cloud-security/azure/storage-account-configured.png differ
diff --git a/source/images/cloud-security/azure/storage-activity-1.png b/source/images/cloud-security/azure/storage-activity-1.png
deleted file mode 100644
index 05feb610b5..0000000000
Binary files a/source/images/cloud-security/azure/storage-activity-1.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/storage-activity-2.png b/source/images/cloud-security/azure/storage-activity-2.png
deleted file mode 100644
index 6748fa8b43..0000000000
Binary files a/source/images/cloud-security/azure/storage-activity-2.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/storage-activity-3.png b/source/images/cloud-security/azure/storage-activity-3.png
deleted file mode 100644
index 31e84fa27e..0000000000
Binary files a/source/images/cloud-security/azure/storage-activity-3.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/storage-activity-4.png b/source/images/cloud-security/azure/storage-activity-4.png
deleted file mode 100644
index eafb9bd05a..0000000000
Binary files a/source/images/cloud-security/azure/storage-activity-4.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/storage-activity-log.png b/source/images/cloud-security/azure/storage-activity-log.png
deleted file mode 100644
index f3ceefbdc0..0000000000
Binary files a/source/images/cloud-security/azure/storage-activity-log.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/storage-new-user-1.png b/source/images/cloud-security/azure/storage-new-user-1.png
deleted file mode 100644
index e227449066..0000000000
Binary files a/source/images/cloud-security/azure/storage-new-user-1.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/storage-new-user-2.png b/source/images/cloud-security/azure/storage-new-user-2.png
deleted file mode 100644
index 16f045213b..0000000000
Binary files a/source/images/cloud-security/azure/storage-new-user-2.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/storage.png b/source/images/cloud-security/azure/storage.png
deleted file mode 100644
index f23f265c92..0000000000
Binary files a/source/images/cloud-security/azure/storage.png and /dev/null differ
diff --git a/source/images/cloud-security/azure/user-creation-result.png b/source/images/cloud-security/azure/user-creation-result.png
new file mode 100644
index 0000000000..65f3ab0e64
Binary files /dev/null and b/source/images/cloud-security/azure/user-creation-result.png differ
diff --git a/source/images/cloud-security/ms-graph/0-azure-app-new-registration.png b/source/images/cloud-security/ms-graph/0-azure-app-new-registration.png
deleted file mode 100644
index ca6f7e59a7..0000000000
Binary files a/source/images/cloud-security/ms-graph/0-azure-app-new-registration.png and /dev/null differ
diff --git a/source/images/cloud-security/ms-graph/1-azure-wazuh-app-register-application.png b/source/images/cloud-security/ms-graph/1-azure-wazuh-app-register-application.png
deleted file mode 100644
index 60fef745a5..0000000000
Binary files a/source/images/cloud-security/ms-graph/1-azure-wazuh-app-register-application.png and /dev/null differ
diff --git a/source/images/cloud-security/ms-graph/2-azure-wazuh-app-overview.png b/source/images/cloud-security/ms-graph/2-azure-wazuh-app-overview.png
deleted file mode 100644
index 5cbd872a98..0000000000
Binary files a/source/images/cloud-security/ms-graph/2-azure-wazuh-app-overview.png and /dev/null differ
diff --git a/source/images/cloud-security/ms-graph/3-azure-wazuh-app-create-secret-copy-value.png b/source/images/cloud-security/ms-graph/3-azure-wazuh-app-create-secret-copy-value.png
deleted file mode 100644
index 40a2c66886..0000000000
Binary files a/source/images/cloud-security/ms-graph/3-azure-wazuh-app-create-secret-copy-value.png and /dev/null differ
diff --git a/source/images/cloud-security/ms-graph/3-azure-wazuh-app-create-secret.png b/source/images/cloud-security/ms-graph/3-azure-wazuh-app-create-secret.png
deleted file mode 100644
index 6ae7dae42c..0000000000
Binary files a/source/images/cloud-security/ms-graph/3-azure-wazuh-app-create-secret.png and /dev/null differ
diff --git a/source/images/cloud-security/ms-graph/4-azure-wazuh-app-configure-permissions-admin-consent.png b/source/images/cloud-security/ms-graph/4-azure-wazuh-app-configure-permissions-admin-consent.png
deleted file mode 100644
index 063a0d1a08..0000000000
Binary files a/source/images/cloud-security/ms-graph/4-azure-wazuh-app-configure-permissions-admin-consent.png and /dev/null differ
diff --git a/source/images/cloud-security/ms-graph/4-azure-wazuh-app-configure-permissions.png b/source/images/cloud-security/ms-graph/4-azure-wazuh-app-configure-permissions.png
deleted file mode 100644
index b6bfbd04f4..0000000000
Binary files a/source/images/cloud-security/ms-graph/4-azure-wazuh-app-configure-permissions.png and /dev/null differ
diff --git a/source/images/cloud-security/ms-graph/add-api-permissions.png b/source/images/cloud-security/ms-graph/add-api-permissions.png
new file mode 100644
index 0000000000..1bc3e6c524
Binary files /dev/null and b/source/images/cloud-security/ms-graph/add-api-permissions.png differ
diff --git a/source/images/cloud-security/ms-graph/add-new-client-secret.png b/source/images/cloud-security/ms-graph/add-new-client-secret.png
new file mode 100644
index 0000000000..fd80795d0a
Binary files /dev/null and b/source/images/cloud-security/ms-graph/add-new-client-secret.png differ
diff --git a/source/images/cloud-security/ms-graph/alert-on-wazuh-dashboard.png b/source/images/cloud-security/ms-graph/alert-on-wazuh-dashboard.png
new file mode 100644
index 0000000000..d0adbd662d
Binary files /dev/null and b/source/images/cloud-security/ms-graph/alert-on-wazuh-dashboard.png differ
diff --git a/source/images/cloud-security/ms-graph/note-down-information.png b/source/images/cloud-security/ms-graph/note-down-information.png
new file mode 100644
index 0000000000..a48059322f
Binary files /dev/null and b/source/images/cloud-security/ms-graph/note-down-information.png differ
diff --git a/source/images/cloud-security/ms-graph/register-application.png b/source/images/cloud-security/ms-graph/register-application.png
new file mode 100644
index 0000000000..4a6dd39272
Binary files /dev/null and b/source/images/cloud-security/ms-graph/register-application.png differ
diff --git a/source/images/cloud-security/ms-graph/save-secret.png b/source/images/cloud-security/ms-graph/save-secret.png
new file mode 100644
index 0000000000..8efedd3d94
Binary files /dev/null and b/source/images/cloud-security/ms-graph/save-secret.png differ
diff --git a/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst b/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst
index b70d625bd6..965f70e69d 100644
--- a/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst
+++ b/source/user-manual/reference/ossec-conf/wodle-azure-logs.rst
@@ -485,7 +485,7 @@ Key to the application we will use for authentication and to be able to use the
 graph\\auth_path
 ^^^^^^^^^^^^^^^^
 
-Path of the file that contains the application identifier and the application key for authentication in order to use the Azure Active Directory Graph API. Incompatible with the ``application_id`` and ``application_key`` options. Check the :doc:`credentials </cloud-security/azure/activity-services/prerequisites/credentials>` reference for more information about this topic.
+Path of the file that contains the application identifier and the application key for authentication in order to use the Azure Active Directory Graph API. Incompatible with the ``application_id`` and ``application_key`` options. Check the :ref:`credentials <configure_azure_credentials>` reference for more information about this topic.
 
 +--------------------+--------------------+
 | **Default value**  | N/A                |