Microsoft 365 integration¶
Basic operation¶
The Microsoft 365 integration is built into the OctoSAM Import Service. It uses the Microsoft Graph client library to connect to Entra ID (formerly Azure AD) and Microsoft 365 through the Microsoft Graph API.
Your network infrastructure must allow outbound HTTPS from the host running the Import Service to the Microsoft Graph API endpoint (graph.microsoft.com for the global cloud) and to the Microsoft identity platform token endpoint (login.microsoftonline.com), which issues the access tokens for the Graph calls.
Register OctoSAM Import Service as an Azure App¶
Essentials¶
Register an application (for example named OctoSAM Import Service) in your Entra ID tenant and restrict it to accounts in your organizational directory only (single tenant).
Copy the following information; you will need it in the configuration file:
- Application (client) ID
- Directory (tenant) ID
- The client secret value, created under Certificates & secrets (the value is shown only once, immediately after creation)
Required API permissions¶
- AuditLog.Read.All (Application)
- Reports.Read.All (Application)
- Directory.Read.All (Application)
- UserAuthenticationMethod.Read.All (Application)
- User.Read.All (Application)
- User.Read (Delegated)
Application permissions take effect only after an administrator grants admin consent for the tenant (Grant admin consent on the API permissions page). Without consent the access token carries none of these roles and Graph rejects the calls with 403 Forbidden.
Info
Usage reports cannot be imported if Microsoft 365 is configured to conceal user, group and site names in reports, because the report data then contains anonymized identifiers instead of user principal names. Turn this setting off in the Microsoft 365 admin center (Settings > Org settings > Reports) before importing usage reports into OctoSAM; if reports must stay anonymized, set ImportUsageReports to false.
Entra
Import of user sign-in activity (the signInActivity property of user objects) requires an Entra ID P1 or P2 license in the tenant. Without such a license, set ImportSignInActivity to false.
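The PowerShell script below is an added example, not part of the OctoSAM documentation or product. It checks a finished registration before the Import Service is configured: it acquires an app-only token for the application with the client-credentials flow, decodes the token's roles claim to confirm that the application permissions listed above were granted with admin consent, and probes the signInActivity property to see whether the tenant license allows the sign-in import. Tenant and application IDs are parameters, the secret is prompted for, and the endpoint hosts are the global-cloud defaults (a sovereign cloud needs different hosts).

```powershell
# Added example (not OctoSAM code): verify an app registration for the OctoSAM Import Service.
# Run from any machine that can reach login.microsoftonline.com and graph.microsoft.com.
param(
    [Parameter(Mandatory)] [string] $TenantId,        # Directory (tenant) ID
    [Parameter(Mandatory)] [string] $ApplicationId    # Application (client) ID
)

# Application permissions from the documentation. User.Read is delegated and never
# appears in an app-only token, so it is not checked here.
$requiredRoles = @(
    'AuditLog.Read.All', 'Reports.Read.All', 'Directory.Read.All',
    'UserAuthenticationMethod.Read.All', 'User.Read.All'
)

# Prompt for the secret so it does not end up in the shell history or in a script file.
$secret      = Read-Host -AsSecureString -Prompt 'Client secret'
$plainSecret = [System.Net.NetworkCredential]::new('', $secret).Password

# Client-credentials token request against the v2.0 endpoint. The .default scope asks for
# every application permission that has been consented to on the registration.
$token = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -ContentType 'application/x-www-form-urlencoded' `
    -Body @{
        client_id     = $ApplicationId
        client_secret = $plainSecret
        scope         = 'https://graph.microsoft.com/.default'
        grant_type    = 'client_credentials'
    }
$plainSecret = $null

# Decode the JWT payload (second segment, base64url without padding). The signature is not
# verified here; this only inspects the claims the token carries.
$payload = $token.access_token.Split('.')[1].Replace('-', '+').Replace('_', '/')
switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
$claims = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) |
    ConvertFrom-Json

# The roles claim lists exactly the application permissions that have admin consent.
$grantedRoles = @($claims.roles)
$missingRoles = $requiredRoles | Where-Object { $_ -notin $grantedRoles }
if ($missingRoles) {
    Write-Warning "Missing application permissions (grant admin consent): $($missingRoles -join ', ')"
} else {
    Write-Output 'All required application permissions are present in the token.'
}

# signInActivity needs AuditLog.Read.All and an Entra ID P1/P2 license. Graph answers with
# 403 Forbidden when either is missing; that is the case where ImportSignInActivity must be false.
$headers = @{ Authorization = "Bearer $($token.access_token)" }
try {
    $null = Invoke-RestMethod -Headers $headers `
        -Uri 'https://graph.microsoft.com/v1.0/users?$select=id,signInActivity&$top=1'
    Write-Output 'signInActivity is readable: ImportSignInActivity can stay enabled.'
} catch {
    Write-Warning "signInActivity is not readable ($($_.Exception.Message)); set ImportSignInActivity to false."
}
```

Save it under a name of your choice (for example Test-GraphRegistration.ps1, a hypothetical file name) and run it as `.\Test-GraphRegistration.ps1 -TenantId <guid> -ApplicationId <guid>`. The script cannot tell whether usage reports are anonymized, since none of the listed permissions reads the report settings; check that in the Microsoft 365 admin center.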
Configure the OctoSAM Import Service to connect to Microsoft Graph¶
See the sample configuration file appsettings.json:
```jsonc
//
// Integrated Microsoft 365 / Azure AD Graph Scan
// ----------------------------------------------
//
// Name: A user-defined name to identify the configuration in log and error messages
//
// ApplicationId: Application (client) ID from the Azure AD app registration
// TenantId: Directory (tenant) ID of the Azure AD tenant
// Secret: Secret from the Azure AD app registration
//         (prefer SecretCredentialManagerTarget and store the secret in the Windows Credential Manager)
// SecretCredentialManagerTarget: Target name under which the secret is stored in the Windows Credential Manager.
//         If this setting is set, the Secret setting is ignored.
//
// ImportSignInActivity: Can be set to false if either the AuditLog.Read.All permission is not granted
//         or the tenant does not have a license that allows sign-in activity logging.
//         Sign-in activity import requires an Entra ID P1 or P2 license.
//
// ImportUsageReports: Can be set to false if the Reports.Read.All permission is not granted
//         or if the reports are anonymized in Graph.
//
"MicrosoftGraph": {
  "Scans": [
    {
      "ApplicationId": "2855c234-88bf-49a5-89ce-2c950715e6b3",
      "TenantId": "a07c4b22-98eb-4586-a599-fa3616d0afbb",
      "SecretCredentialManagerTarget": "msgraph",
      // "ImportSignInActivity": true,
      // "ImportUsageReports": true
    }
  ]
},
```
Info
We recommend that you store the secret in the Windows Credential Manager and reference it with SecretCredentialManagerTarget. A secret placed directly in the Secret setting sits in plain text in appsettings.json and is readable by anyone who can read that file. Windows Credential Manager vaults are per user: create the credential while running as the account the OctoSAM Import Service runs under, otherwise the service will not find it.
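An added example, not OctoSAM code, of creating that credential from PowerShell: it writes a generic credential through the Win32 CredWrite API, the same kind of entry that cmdkey and the Control Panel create, with the secret stored as the credential's password. It assumes that the service reads the credential's password as the client secret and that the target name (msgraph in the sample configuration above) matches SecretCredentialManagerTarget.

```powershell
# Added example (not OctoSAM code): store the client secret as a generic credential in the
# Windows Credential Manager of the CURRENT user. Vaults are per user, so start this
# PowerShell session as the account the OctoSAM Import Service runs under, for example:
#   runas /user:DOMAIN\svc-octosam powershell.exe
param(
    [string] $Target = 'msgraph',                    # must equal SecretCredentialManagerTarget
    [Parameter(Mandatory)] [string] $ApplicationId   # stored as the credential's user name (informational)
)

# P/Invoke wrapper around advapi32!CredWrite for a CRED_TYPE_GENERIC credential.
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

public static class CredMan
{
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct CREDENTIAL
    {
        public uint Flags;
        public uint Type;
        public string TargetName;
        public string Comment;
        public System.Runtime.InteropServices.ComTypes.FILETIME LastWritten;
        public uint CredentialBlobSize;
        public IntPtr CredentialBlob;
        public uint Persist;
        public uint AttributeCount;
        public IntPtr Attributes;
        public string TargetAlias;
        public string UserName;
    }

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool CredWrite([In] ref CREDENTIAL credential, uint flags);

    public static void WriteGeneric(string target, string userName, string secret)
    {
        // cmdkey and the Control Panel store the password as UTF-16LE bytes; do the same.
        byte[] blob = Encoding.Unicode.GetBytes(secret);
        var cred = new CREDENTIAL();
        cred.Type = 1;        // CRED_TYPE_GENERIC
        cred.Persist = 2;     // CRED_PERSIST_LOCAL_MACHINE: survives logoff, this machine only
        cred.TargetName = target;
        cred.UserName = userName;
        cred.CredentialBlobSize = (uint)blob.Length;
        cred.CredentialBlob = Marshal.AllocHGlobal(blob.Length);
        try
        {
            Marshal.Copy(blob, 0, cred.CredentialBlob, blob.Length);
            if (!CredWrite(ref cred, 0))
                throw new Win32Exception(Marshal.GetLastWin32Error());
        }
        finally
        {
            Marshal.FreeHGlobal(cred.CredentialBlob);
        }
    }
}
'@

# Prompt rather than take the secret as a parameter: parameters show up in command-line
# logging and in the PowerShell history file.
$secure = Read-Host -AsSecureString -Prompt "Client secret for target '$Target'"
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
try {
    [CredMan]::WriteGeneric($Target, $ApplicationId, $plain)
} finally {
    $plain = $null
}

# Confirm the entry exists in this user's vault (the secret itself is not displayed).
cmdkey /list:$Target
```

If the service runs as LocalSystem rather than a named service account, open the session with Sysinternals `psexec -s -i powershell.exe` instead of runas so that the credential lands in the SYSTEM account's vault. After the entry exists, the Secret setting can be removed from appsettings.json entirely.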