Microsoft 365 integration
Basic operation
The Microsoft 365 integration is built into the OctoSAM Import Service. It uses the Microsoft Graph Library to connect to Entra ID (formerly Azure AD) and Office 365.
Your network infrastructure needs to allow Microsoft Graph API calls to the Microsoft 365 Graph API endpoint.
Register OctoSAM Import Service as an Azure App
Essentials
Register an application named OctoSAM Import Service, for your organization only.
Copy the following information:
- Application (client) ID
- Directory (tenant) ID
- The secret
Required API permissions
- AuditLog.Read.All (Application)
- Reports.Read.All (Application)
- Directory.Read.All (Application)
- UserAuthenticationMethod.Read.All (Application)
- User.Read.All (Application)
- User.Read (Delegated)
Configure the OctoSAM Import Service to connect to Microsoft Graph
See the sample configuration file appsettings.json:
//
// Integrated Microsoft 365 / Azure AD Graph Scan
// ----------------------------------------------
//
// Name: A user defined name to identify the configuration in log and error messages
//
// ApplicationId: ApplicationId from Azure AD App registration
// TenantId: Azure AD tenant information
// Secret: Secret from Azure AD App registration
//         (prefer SecretCredentialManagerTarget and store the secret in the Windows Credential Manager)
// SecretCredentialManagerTarget: Target name to load secret from the Windows Credential Manager.
//         If this setting is set, the setting for Secret is ignored.
//
"MicrosoftGraph": {
    "Scans": [
        {
            "ApplicationId": "2855c234-88bf-49a5-89ce-2c950715e6b3",
            "TenantId": "a07c4b22-98eb-4586-a599-fa3616d0afbb",
            "SecretCredentialManagerTarget": "msgraph"
        }
    ]
},
Info
We recommend that you store the secret in the Windows Credential Manager.
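A pre-deployment check for the recommendation above, as an added example (not part of OctoSAM or its documentation): it parses an appsettings.json that contains // comments and reports every MicrosoftGraph scan that keeps the client secret in the file instead of referencing the Windows Credential Manager. The function names are hypothetical, and the sketch assumes the file is otherwise strict JSON and that ApplicationId and TenantId are the GUIDs copied from the app registration.

```python
import json
import re

# Matches a JSON string (kept) or a // comment (dropped), so "//" inside a value survives.
_TOKEN = re.compile(r'("(?:\\.|[^"\\])*")|//[^\n]*')
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def load_settings(text):
    """Parse appsettings.json text that contains // line comments."""
    return json.loads(_TOKEN.sub(lambda m: m.group(1) or "", text))

def audit_graph_scans(text):
    """Return findings for every entry under MicrosoftGraph.Scans."""
    findings = []
    scans = load_settings(text).get("MicrosoftGraph", {}).get("Scans", [])
    for n, scan in enumerate(scans):
        label = scan.get("Name", f"scan #{n}")
        for key in ("ApplicationId", "TenantId"):
            if not GUID.match(str(scan.get(key, ""))):
                findings.append(f"{label}: {key} is missing or not a GUID")
        secret = scan.get("Secret")
        target = scan.get("SecretCredentialManagerTarget")
        if secret and target:
            # Per the settings comments, Secret is ignored here, but it still sits on disk.
            findings.append(f"{label}: Secret is ignored but still present in the file")
        elif secret:
            findings.append(f"{label}: client secret is stored in the file")
        elif not target:
            findings.append(f"{label}: no secret source configured")
    return findings

# Constructed sample input (placeholder IDs, not a real tenant).
SAMPLE = """{
  // Integrated Microsoft 365 scan
  "MicrosoftGraph": {
    "Scans": [
      { "Name": "prod", "ApplicationId": "00000000-0000-0000-0000-000000000001",
        "TenantId": "00000000-0000-0000-0000-000000000002",
        "SecretCredentialManagerTarget": "msgraph" },
      { "Name": "lab", "ApplicationId": "not-a-guid",
        "TenantId": "00000000-0000-0000-0000-000000000002",
        "Secret": "constructed//placeholder" }
    ]
  }
}"""

if __name__ == "__main__":
    for finding in audit_graph_scans(SAMPLE):
        print(finding)
```

An empty result means every scan entry loads its secret through SecretCredentialManagerTarget and has well-formed IDs.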