🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Office 365 Management API Integration Guide

integrations cloud microsoft office 365

The Office 365 Management API provides auditing information about various user, admin, system, and policy actions and events from Office 365 and Azure Active Directory activity logs. Secureworks® Taegis™ XDR needs authorization from Azure AD and the Office 365 Management API in order to receive your data.

Important

You must turn on Office 365 audit logging for Taegis™ XDR to receive data from it. Audit logging for Office 365 is off by default. For more information, see Turn Office 365 audit log search on or off in the Microsoft docs.

For more information on the Office 365 Management Activity API, see Office 365 Management APIs Overview in the Microsoft docs.

Data Availability and Collection Times

Alerts are ingested using the Microsoft REST APIs on a polling basis. For information on data availability, see Office 365 and Azure Data Availability.

Data Provided from Integrations

  Antivirus Auth CloudAudit DHCP DNS Email Encrypt HTTP Management Netflow NIDS Thirdparty
MS Office 365   D, V V                 V

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

Taegis™ XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

  1. Navigate to Integrations and select Cloud APIs from the left-hand pane in Taegis™ XDR.
  2. Select the option to Add API Integration and choose Set up Azure Integrations.
  3. In the Office 365 Management API section, choose Authorize.
  4. Pick an account that has privileges to grant permissions to the Taegis™ XDR application.

Manage O365 Management API Integration

Manage O365 Management API Integrations

  1. Choose Accept.
  2. Enter a unique name for the integration.

Name the O365 Management API Integration

Manage O365 Management API Integrations

  1. Select Done.

Follow-On

Complete the Link a Partner Process.

 

On this page: