Office 365 Management API Integration Guide
integrations cloud microsoft office 365
The Office 365 Management API provides auditing information about various user, admin, system, and policy actions and events from Office 365 and Azure Active Directory activity logs. Secureworks® Taegis™ XDR needs authorization from Azure AD and the Office 365 Management API in order to receive your data.
Important
You must turn on Office 365 audit logging for XDR to receive data from it. Audit logging for Office 365 is off by default. For more information, see Turn Office 365 audit log search on or off in the Microsoft docs.
For more information on the Office 365 Management Activity API, see Office 365 Management APIs Overview in the Microsoft docs.
Data Availability and Collection Times ⫘
Alerts are ingested using the Microsoft REST APIs on a polling basis. For information on data availability, see Office 365 and Azure Data Availability.
Data Provided from Integrations ⫘
Antivirus | Auth | CloudAudit | DHCP | DNS | Encrypt | HTTP | Management | Netflow | NIDS | Thirdparty | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|
MS Office 365 | D, V | V | V |
Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Consent the Application ⫘
- Navigate to Integrations and select Cloud APIs from the left-hand pane in XDR.
- Select the option to Add API Integration and choose Set up Azure Integrations.
- In the Office 365 Management API section, choose Authorize.
- Pick an account that has privileges to grant permissions to the XDR application.
Manage O365 Management API Integrations
- Choose Accept.
- Enter a unique name for the integration.
Manage O365 Management API Integrations
- Select Done.
Follow-On ⫘
Complete the Link a Partner Process.