Table of contents
This guide addresses the procedures required to allow Fluency Cloud to access User Account Audit data on an Office 365 account.
Your organization’s Tenant ID from Azure Active Directory will allow Fluency to use the Office365 Management APIs to poll for your data.
This Tenant ID can be found in the Azure Active Directory portal at https://aad.portal.azure.com/.
Before you can access data through the Office 365 Management Activity API, you must enable unified audit logging for your Office 365 organization. You do this by turning on the Office 365 audit log. For instructions, see the following Microsoft links:
Login to the Fluency Cloud portal: https://<companyname>.cloud.fluencysecurity.com.
Open the dropdown menu and choose the “Cloud Import” option until the Configuration section.
Click “+ CLOUD CONNECTOR” to open the dropdown menu with connector options. Select Office365.
Provide a customer name for this integration. Normally, this will just be the name of your organization. This value will be used solely within Fluency.
NOTE: It is suggested to avoid using spaces when creating the customer name.
Enter the TenantID for the organization that was obtained earlier.
Click “SAVE” to save this configuration. You will be redirected to a Microsoft login page to provide Admin consent.
In the following section, please ensure that the Microsoft account used has the Administrative privileges to provide the required consent on behalf of your organization.
The following permissions are required in order to enable Fluency to access User Account Audit events via the Office365 Management API:
- Read activity data for your organization
- Read service health information for your organization
- Read DLP policy events including detected sensitive data
- Read user profile
You will see the following page after successful authentication:
Upon granting consent, you will be redirected back to the Fluency portal.
Please contact the Fluency Support team if you encounter any errors in the above process.
Upon completion of the above steps, the Fluency agent will be able to import audit logs from the Office365 account (Tenant ID), via the Office 365 Management API.
MS documentation reference:
Admin users can remove the permissions for Fluency@fluencysecurity anytime from Azure Active Directory’s “Applications” page.