Configuring Office365

Configuring Office365 Fetcher in Azure Active Directory

Registering the Office365 Fetcher in the Azure Active Directory

  1. Go to the Azure Portal.

  2. Enter your credentials for the Azure Portal.

  3. Go to Azure Active Directory >> App registrations.

  4. Click New registration.

_images/Office365_newApp.png

Adding a New Application

  1. Enter a Name.

  2. Select Supported account types.

  3. In the Redirect URI (optional) section:

    3.1 Select Public client (mobile & desktop).

    3.2 Enter the following address.

    http://localhost
    
  4. Click Register.

_images/Office365_newApp_create.png

Creating a New Application

Note

You need the Application (client) ID and the Directory (tenant) ID to Configure the Office365 Fetcher in LogPoint.

_images/Office365_applicationID.png

Application ID

  1. Go to API permissions.

  2. Click Add a permission.

_images/office365_applicationpermission.png

Adding a Permission

  1. Click Microsoft APIs.

  2. Select Office 365 Management APIs.

_images/office365_office365managementAPIs.png

Selecting Office 365 Management APIs

  1. Click Application permissions.

_images/office365_permissions.png

Application Permissions

  1. Select all the available read permissions.

  2. Click Add permissions.

_images/office365_.selectingreadpermissions.png

Selecting Read Permissions

  1. Click Grant admin consent for Default Directory.

_images/office365_grantpermissionsforlp.png

Granting Admin Consent

  1. Click Yes.

_images/office365_dialoguebox.png

Confirmation Dialog Box

_images/office365_grantconsent.png

Grant Consent

  1. Go to Authentication.

  2. Set Allow public client flows to Yes.

_images/office365.png

Public Client Flows

Alternatively, you can add the following key to the Manifest section in the Azure portal.

    "allowPublicClient": true

  1. Click Certificates & secrets and Client secrets.

  2. Click New client secret.

_images/clientsecret.png

Client Secret

  1. Enter a Description.

  2. Select an expiration date for the client secret in the Expires column.

  3. Click Add.

_images/clientsecretdd.png

Adding a Client Secret

Note

Note down the Value of the Client Secret before closing the window; otherwise, you cannot retrieve it later. You need the value to Configure the Office365 Fetcher in LogPoint.

_images/value.png

Value of Client Secret

Uploading Certificates in the Azure Active Directory

  1. Enter the following command in the command prompt to generate the private key for the certificate:

    openssl genrsa -out server.pem 2048
    
  2. Enter the following command to create a certificate request:

    openssl req -new -key server.pem -out server.csr
    
  3. Enter the following command in the command prompt to generate a certificate:

    openssl x509 -req -days 365 -in server.csr -signkey server.pem -out server.crt
    
  4. Save the certificates generated.

Note

The process produces two files: a private key with the .pem extension and a certificate with the .crt extension. You must upload the .crt file on Azure Portal and the .pem file in LogPoint’s Office365 configuration page. The .pem file holds the private key, so restrict access to it.

  1. Click Certificates & secrets on the application page in the Azure Active Directory portal.

  2. Click Certificates and Upload Certificate.

_images/certificate.png

Uploading a Certificate

  1. Select and upload the previously saved certificate with the extension .crt.

  2. Enter a Description for the certificate.

  3. Click Add.

_images/uploadcertificate.png

Uploading a Certificate

Note

Note down the Thumbprint of the certificate. You need the value to Configure the Office365 Fetcher in LogPoint.

_images/value.png

Value of Client Secret
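
A check you can run after the openssl steps above, added here as an example (not LogPoint's own tooling): it confirms that server.pem and server.crt belong together, restricts the key file's permissions, and prints the SHA-1 thumbprint and expiry date to compare with the values shown in the Azure portal. The function names are illustrative, and the colon-free uppercase thumbprint format is assumed to match what the portal displays.

```shell
#!/bin/sh
# Added example: sanity-check the files produced by the openssl steps on this
# page before uploading them. File names follow the page (server.pem, server.crt);
# the function names are illustrative.

# Print the certificate's SHA-1 thumbprint as 40 uppercase hex characters
# without colons (assumed to be the form the portal displays).
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 |
        cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F'
}

# Succeed only if the private key and the certificate carry the same public key.
# Returns 2 if either file cannot be parsed.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Print the certificate's notAfter date, so the renewal can be planned
# before the fetcher's certificate authentication stops working.
cert_expiry() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# usage: check_pair server.pem server.crt
check_pair() {
    key=$1 crt=$2
    chmod 600 "$key" || return 1   # private key: owner read/write only
    if ! key_matches_cert "$key" "$crt"; then
        echo "ERROR: $key and $crt do not belong together" >&2
        return 1
    fi
    echo "Thumbprint: $(cert_thumbprint "$crt")"
    echo "Expires:    $(cert_expiry "$crt")"
}

# Run against the page's file names when they are present in this directory.
if [ -f server.pem ] && [ -f server.crt ]; then
    check_pair server.pem server.crt
fi
```
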

Configuring Office365 in LogPoint

Adding a Normalization Policy

  1. Go to Settings >> Configuration >> Normalization Policies.

  2. At the top left, click Add.

  3. Enter a Policy Name.

  4. In Compiled Normalizers, select Office365.

  5. In Normalization Packages, select Office365.

  6. Click Submit.

_images/office365_addNormalizationPolicy.png

Adding a Normalization Policy

Configuring the Office365 Fetcher

  1. Go to Settings >> Configuration >> Devices.

  2. Click the Add collectors/fetchers (add) icon under Actions of the localhost device.

_images/devices_section.png

Adding a Fetcher for the Device

  1. Click Office365 Fetcher.

_images/office365_available-collectors-fetchers.png

Available Collectors Fetchers Panel

  1. At the top left, click Add.

_images/office365_panel_add.png

Office365 Fetcher Panel

  1. Select a mode of Authentication:

    1.1. If you select Public Client, enter the Username and Password for the Office 365 account.

    _images/publicclient.png

    Public Client

    1.2. If you select Client Secret, enter the Value of Client Secret in the Client Secret field.

    _images/clientsecret321.png

    Client Secret

    1.3. If you select Certificate:

    1.3.1. Enter the Office 365 Certificate Thumbprint in the Certificate Thumbprint field.

    1.3.2. Upload the previously saved Certificate with the .pem extension in the Certificate File option.

    _images/certficate234.png

    Certificate Thumbnail

  2. Enter the Fetch Interval (minutes).

  3. Select a Processing Policy that uses the previously created normalization policy.

  4. Enter the Directory (tenant) ID in the Tenant ID field.

  5. Enter the Application (client) ID in the Application ID field.

  1. Select Enable Proxy if you use a proxy server.

  2. In the Proxy Configuration section:

    2.1 Enter the IP Address and the Port number for the proxy server.

    2.2 Select HTTP or HTTPS protocol.

  3. Click Test to validate the configuration.

  4. Click Submit.

Note

When you configure and run Office365 for the first time, a subscription is created to different audit log sources in the API. Once set, there is a time gap of 12 to 24 hours before the logs start to come in.

