Link
Search

image

NeQter Labs Initial Setup Guide

Office 365

Register an Application

To begin retrieving logs from the Office 365 Management API you’ll need to first register an application in your Azure Portal. This will establish credentials that NeQter can use to access the Office 365 Management API.

NOTE: Registering an application requires access to the Microsoft Azure portal with administrator rights.

  • In your Microsoft Azure portal, navigate to Azure Active Directory from the list of services. If you don’t see Azure Active Directory in that list, you can select All services and search for it there.
  • Navigate to App registrations on the left-hand bar.
  • To register an application, click New registration.
  • Give the application a name.
  • Select Accounts in this organizational directory only for the supported account type.
  • Click Register at the bottom of the form.

image

  • From the newly registered application’s Overview section, record the Application (client) ID and the Directory (tenant) ID values. You will need these values to complete the configuration.

image

Create a client secret

  • Navigate to Certificates & secrets from the application’s menu.
  • Click New client secret.
  • Give the client secret a description.
  • Select 24 Months for the expiration.

image

NOTE: 24 Months is the highest amount of time Microsoft will allow, we recommend setting a reminder near the expiration date to setup a new client secret and reconfigure your O365 to utilize the new one.

  • Record the value of the newly created client secret.

IMPORTANT NOTE: You’ll need this value to complete the configuration and won’t be able to retrieve it later. It will only appear after the secret is first created.

image

Next you will need to give the application you just created permissions needed for your NeQter product to utilize Office 365’s Audit Logs.

1. Navigate to the API Permissions menu and then select “Add a Permission” on the top left.

2. Next Scroll down the options available to you until you find Office 365 Management API on the right menu.

3. Once selected, you will see two options on the top of the listing, “Delegated Permissions” and “Application Permissions”; select Application Permissions and look for ActivityFeed.

4. Select ActivityFeed and allow ActivityFeed.Read.

NOTE: If you want to have ULP Logs allow ActivityFeed.ReadDlp.

5. Select ServiceHealth and then allow ServiceHealth.Read.

6. Click Add Permissions

image

Once you’ve added the permissions you need, on the bottom left of the page there will be a Grant admin consent Button, click it and select Yes on the dialogue box the appears.

image

Retrieving Logs

Once you’ve completed the above steps, navigate to the Settings page on your NeQter device. From there you will go to Inputs then under Input Configuration choose Microsoft Office 365 from the box. This is where you will copy and paste the ID values of the Tenant ID, Client ID and Client Secret you recorded previously. Next choose which Logs you wish to receive and then click Save Settings and Enable.

image