Office 365 collector
Generate credentials in Azure AD
- Begin by creating and registering your application within Azure AD. Give it a name of your choice to identify it, such as devo-integration. The Redirect URI field may be left blank. Make note of the application's Client Id as well as the Tenant Id. Learn more here.
- Move to the API Permissions section on the left menu, then click Add a permission in the main pane. Find the Office 365 Management APIs section and click on it.
- Then click Application permissions, and enable the appropriate permissions, at least the two under ActivityFeed. Click Add permissions.
- Once you have added the permissions, you need to grant admin consent to the application. You should see a message confirming "Successfully granted admin consent for the requested permissions". Learn more here.
The permissions that need to be set are as follows:
- Read activity data from your organization
- Read service health information from your organization
- Read DLP policy events including detected sensitive data (only if pulling “DLP.All” from Management Activity)
- Generate a new key (also called client secret value in the application) and copy/record it for later use. To do this, open Certificates & secrets in the left-hand menu and click New client secret. Learn more here.
Azure only displays the client secret value at the time you initially generate it. You cannot navigate back to this page and retrieve the client secret value later.
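One way to confirm that the permissions and admin consent above actually took effect, as an added example that is not part of the original page or the collector's own code: it inspects the `roles` claim of an access token issued to the registered application and compares it with the permissions listed above. The role values (`ActivityFeed.Read`, `ActivityFeed.ReadDlp`, `ServiceHealth.Read`), the `Audit.Exchange` content type, the helper names and the sample token are assumptions of this example; the token is constructed and unsigned.

```python
import base64
import json

# Values expected in the token's "roles" claim for the permissions listed
# above (assumed mapping from the display names to the API role names).
BASE_ROLES = {"ActivityFeed.Read", "ServiceHealth.Read"}
DLP_ROLE = "ActivityFeed.ReadDlp"  # only needed when pulling DLP.All


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload without verifying it (configuration check only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_roles(token: str, content_types: list[str]) -> dict:
    """Compare granted application roles with what the chosen content types need."""
    granted = set(jwt_claims(token).get("roles", []))
    required = set(BASE_ROLES)
    if "DLP.All" in content_types:
        required.add(DLP_ROLE)
    return {
        "missing": sorted(required - granted),  # consent not granted for these
        "excess": sorted(granted - required),   # candidates to remove (least privilege)
    }


def _make_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample: ActivityFeed roles granted, service health role forgotten.
SAMPLE = _make_token({"aud": "https://manage.office.com",
                      "roles": ["ActivityFeed.Read", "ActivityFeed.ReadDlp"]})

if __name__ == "__main__":
    print(check_roles(SAMPLE, ["Audit.Exchange"]))
    print(check_roles(SAMPLE, ["Audit.Exchange", "DLP.All"]))
```

An empty `missing` list means the application has what the configuration needs; anything under `excess` is a permission the chosen content types do not use.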
Choose data types
The Office 365 Collector allows you to collect 3 types of logs: Management Activity, Service Status Snapshots, and Service Messages. Details about each type are below.
The Management Activity data type collects actions and events from the Office 365 Management Activity API. The content types available are:
More details on the Office 365 Management Activity API can be found here.
Fully managed solution
To deploy the Office 365 Collector in the Devo-managed Collector Server, please contact your account representative and/or the Professional Services team, and provide the configuration for your data type(s) as specified above. This final configuration will need a tenant id, a client id, a client secret, and a list of the content types you would like to pull.