Skip to main content
Version: 2.0.0

OFFICE365 Integrations

Office365 Integration

tenant_id: <your tenant id> #Tenant id of your application registered in Azure. 

client_id: <your client id> #Client id of your application registered in Azure. 

client_secret_path: < your client secret path > # Path of the file that contains the client secret value of your application registered in Azure. Incompatible with client_secret option. 

client_secret: <Your client secret> #Client secret value of your application registered in Azure.

Subscriptions:

  • Audit.AzureActiveDirectory #User identity management.
  • Audit.SharePoint #Web-based collaborative platform.
  • Audit.General #Includes all other workloads not included in the previous content types.
  • DLP.All #Data loss prevention workloads.

Save the configuration and send them to Zeron Team.

For Zensor to successfully connect to the Office365 API, an authentication process is required. To do this, we must provide the tenant_id, client_id, and client_secret of the application that we authorize in the organization.

Register your app

To authenticate with the Microsoft identity platform endpoint, you need to register an app in your Microsoft Azure portal app registrations section. Once there click on New registration:

App Registeration

Fill in the name of your app, choose the desired account type and click on the Register button:

Registeration Application

The app is now registered, and you can see information about it in its Overview section, at this point we can get the client and tenant IDs:

Overview

Certificates & secrets

Certificates and Secrets

You can generate a password to use during the authentication process. Go to Certificates & secrets and click on New client secret, then the name and the expiration date of the New client secret are requested:

Copy and save the value section.

Certificates and Secrets Value

Note Make sure you write it down because the UI won’t let you copy it afterward.

API Permissions

The application needs specific API permissions to be able to request the Office 365 activity events. In this case, you are looking for permissions related to the https://manage.office.com resource. To configure the application permissions, go to the API permissions page and choose Add a permission. Select the Office 365 Management APIs and click on Application permissions. You need to add the following permissions under the ActivityFeed group: ActivityFeed.Read. Read activity data for your organization. ActivityFeed.ReadDlp. Read DLP policy events including detected sensitive data.

Add permission

Note Admin consent is required for API permission changes.

Api permission