tenant_id: <your tenant id> #Tenant id of your application registered in Azure.
client_id: <your client id> #Client id of your application registered in Azure.
client_secret_path: < your client secret path > # Path of the file that contains the client secret value of your application registered in Azure. Incompatible with client_secret option.
client_secret: <Your client secret> #Client secret value of your application registered in Azure.
- Audit.AzureActiveDirectory #User identity management.
- Audit.SharePoint #Web-based collaborative platform.
- Audit.General #Includes all other workloads not included in the previous content types.
- DLP.All #Data loss prevention workloads.
Save the configuration and send them to Zeron Team.
For Zensor to successfully connect to the Office365 API, an authentication process is required. To do this, we must provide the tenant_id, client_id, and client_secret of the application that we authorize in the organization.
Register your app
To authenticate with the Microsoft identity platform endpoint, you need to register an app in your Microsoft Azure portal app registrations section. Once there click on New registration:
Fill in the name of your app, choose the desired account type and click on the Register button:
The app is now registered, and you can see information about it in its Overview section, at this point we can get the client and tenant IDs:
Certificates & secrets
You can generate a password to use during the authentication process. Go to Certificates & secrets and click on New client secret, then the name and the expiration date of the New client secret are requested:
Copy and save the value section.
Note Make sure you write it down because the UI won’t let you copy it afterward.
The application needs specific API permissions to be able to request the Office 365 activity events. In this case, you are looking for permissions related to the https://manage.office.com resource. To configure the application permissions, go to the API permissions page and choose Add a permission. Select the Office 365 Management APIs and click on Application permissions. You need to add the following permissions under the ActivityFeed group: ActivityFeed.Read. Read activity data for your organization. ActivityFeed.ReadDlp. Read DLP policy events including detected sensitive data.
Note Admin consent is required for API permission changes.