
Office365 Audit API

Table of contents
  1. Obtaining Tenant ID from Azure Active Directory
  2. Enable Auditing for Account/Organization
  3. Configure the Office365 plugin in Fluency
  4. Create the Office365 Integration plugin
  5. Review/Accept Permission grant request
  6. Additional Information
    1. Removing permissions

This guide addresses the procedures required to allow Fluency Cloud to access User Account Audit data on an Office 365 account.

Obtaining Tenant ID from Azure Active Directory

Your organization’s Tenant ID from Azure Active Directory will allow Fluency to use the Office365 Management APIs to poll for your data.

This Tenant ID can be found in the Azure Active Directory portal at https://aad.portal.azure.com/.

Enable Auditing for Account/Organization

Before you can access data through the Office 365 Management Activity API, you must enable unified audit logging for your Office 365 organization. You do this by turning on the Office 365 audit log. For instructions, see the following Microsoft links:

https://docs.microsoft.com/en-us/microsoft-365/compliance/turn-audit-log-search-on-or-off?view=o365-worldwide

https://support.microsoft.com/en-us/office/auditing-in-office-365-for-admins-9f6484d2-0fd2-17de-165f-c41346023906
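
The check and the change described above can also be made from Exchange Online PowerShell. The script below is an added example, not part of the original Fluency guide; it assumes the ExchangeOnlineManagement module is installed and that the signed-in account is allowed to change the audit configuration, and `admin@example.com` is a placeholder.

```powershell
# Added example: confirm unified audit log ingestion is on, and enable it if not.
# Assumption: the ExchangeOnlineManagement module is installed.
Import-Module ExchangeOnlineManagement

# Placeholder account; replace with an administrator in your tenant.
Connect-ExchangeOnline -UserPrincipalName admin@example.com

# Read the setting from Exchange Online PowerShell. The same cmdlet exists in
# Security & Compliance PowerShell, but there this property always reports
# False, which would make an enabled tenant look disabled.
$config = Get-AdminAuditLogConfig

if ($config.UnifiedAuditLogIngestionEnabled) {
    Write-Output 'Unified audit logging is already enabled.'
}
else {
    # Turn on unified audit log ingestion for the organization.
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

    # Re-read the setting. The change may not be reflected immediately,
    # so repeat this check later before expecting events to arrive in Fluency.
    $after = Get-AdminAuditLogConfig
    Write-Output ('UnifiedAuditLogIngestionEnabled = {0}' -f $after.UnifiedAuditLogIngestionEnabled)
}

Disconnect-ExchangeOnline -Confirm:$false
```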

Configure the Office365 plugin in Fluency

Log in to the Fluency Cloud portal: https://<companyname>.cloud.fluencysecurity.com.

Open the dropdown menu and choose the “Cloud Import” option under the Configuration section.

Click “+ CLOUD CONNECTOR” to open the dropdown menu with connector options. Select Office365.

Create the Office365 Integration plugin

Provide a customer name for this integration. Normally, this will just be the name of your organization. This value will be used solely within Fluency.

NOTE: It is suggested to avoid using spaces when creating the customer name.

Enter the TenantID for the organization that was obtained earlier.

Click “SAVE” to save this configuration. You will be redirected to a Microsoft login page to provide Admin consent.

Review/Accept Permission grant request

In the following section, please ensure that the Microsoft account used has the administrative privileges needed to provide the required consent on behalf of your organization.

The following permissions are required in order to enable Fluency to access User Account Audit events via the Office365 Management API:

  • Read activity data for your organization
  • Read service health information for your organization
  • Read DLP policy events including detected sensitive data
  • Read user profile

You will see the following page after successful authentication:

Upon granting consent, you will be redirected back to the Fluency portal.

Please contact the Fluency Support team if you encounter any errors in the above process.

Additional Information

Upon completion of the above steps, the Fluency agent will be able to import audit logs from the Office365 account (Tenant ID), via the Office 365 Management API.

MS documentation reference:

https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api-reference

Removing permissions

Admin users can remove the permissions for Fluency@fluencysecurity at any time from Azure Active Directory’s “Applications” page.