WebsiteBlogLogin

Office 365

Most recent version: v0.0.3

See the changelog of this Listener type here.

This is a Pull Listener and therefore should not be used in environments with more than one cluster.

Overview

Onum supports integration with Office 365 through the Office 365 Management Activity API.

Office 365 provides a suite of cloud-based productivity tools and services, including apps like Word, Excel, PowerPoint, and Teams, along with online storage via OneDrive and advanced security features.

Select Office 365 from the list of Listener types and click Configuration to start.

Listener configuration

Now you need to specify how and where to collect the data, and how to establish a connection with Office 365.

Metadata

Enter the basic information for the new Listener.

Parameter
Description

Name*

Enter a name for the new Listener.

Description

Optionally, enter a description for the Listener.

Tags

Add tags to easily identify your Listener. Hit the Enter key after you define each tag.

Configuration

Parameter
Description

Tenant ID*

Enter your Office 365 Azure tenant ID. Find this in the Azure Active Directory > Overview, or in the Properties pane.

Application (client) ID*

Needed when accessing Office 365 through APIs or applications. For applications registered in other directories, the Application (Client) ID is located in the application credentials.

  1. Go to the Azure Portal.

  2. Find Microsoft Entra ID in the left menu.

  3. Click App registrations under the Manage section.

  4. Select the application you registered (or search for it).

  5. Under Essentials, find Application (client) ID.

  6. Click Copy to clipboard to save it.

Content Type

Assign your data a Content Type in the form of reusable columns, document templates, workflows, or behaviors. Click Add element to add the required content types.

These are the available content values:

  • Audit.AzureActiveDirectory

  • Audit.Exchange

  • Audit.SharePoint

  • Audit.General (includes all other workloads not included in the previous content types)

  • DLP.All (DLP events only for all workloads)

For details about the events and properties associated with these content types, see Office 365 Management Activity API schema.

Client Secret*

The Client Secret (also called Application Secret) is used for authentication in Microsoft Entra ID (formerly Azure AD) when accessing APIs. To get it:

  1. Click App registrations under the Manage section.

  2. Select your registered application.

  3. In the left menu, click Certificates & secrets.

  4. Under Client secrets, check if an existing secret is available. You cannot view it, so you must have it saved somewhere.

  5. If you need a new one, create one and copy the value immediately.

Subscription Plan*

Choose your plan from the list. Find this in the Microsoft Account Portal under Billing > Your Products.

Polling Interval*

Enter the frequency in minutes with which to grab events. The minimum value is 1, and the maximum value is 60.

Click Create labels to move on to the next step and define the required Labels.

PreviousAzure Event HubsNextOpenTelemetry

Last updated

Was this helpful?