Office 365
Most recent version: v0.0.3
Last updated
Was this helpful?
Most recent version: v0.0.3
Last updated
Was this helpful?
Was this helpful?
This is a Pull Listener and therefore should not be used in environments with more than one cluster.
Onum supports integration with Office 365.
Select Office 365 from the list of Listener types and click Configuration to start.
Now you need to specify how and where to collect the data, and how to establish a connection with Office365.
Enter the basic information for the new Listener.
Name*
Enter a name for the new Listener.
Description
Optionally, enter a description for the Listener.
Tags
Add tags to easily identify your Listener. Hit the Enter key after you define each tag.
Tenant ID*
This gives access to your
Find this in the Azure Active Directory>Overview, or in the Properties pane.
Client ID*
Needed when accessing Microsoft 365 through APIs or applications. For applications registered in other directories, the Application (Client) ID is located in the application credentials.
Go to the Azure Portal.
Find Microsoft Entra ID in the left menu.
Click App registrations under the Manage section.
Select the application you registered (or search for it).
Under Essentials, find Application (client) ID.
Click "Copy to clipboard" to save it.
Content Type
Assign your data a Content Type in the form of reusable columns, document templates, workflows, or behaviors.
Content Type values:
Audit.AzureActiveDirectory
Audit.Exchange
Audit.SharePoint
Audit.General
DLP.All
Start a subscription to begin receiving notifications and retrieving activity data for a tenant.
curl -d "" -H "Authorization: Bearer {access_token}" -X POST "https://manage.office.com/api/v1.0/{tenant_id}/activity/feed/subscriptions/start?contentType={list_of_content_type_you_wanna_subscribe_to}"Stop a subscription to discontinue retrieving data for a tenant
curl -d "" -H "Authorization: Bearer {access_token}" -X POST "https://manage.office.com/api/v1.0/{tenant_id}/activity/feed/subscriptions/stop?contentType={list_of_content_type_you_wanna_unsubscribe_from}"Content type example (this will subscribe you to active directory and exchange):
contentType=Audit.AzureActiveDirectory,Audit.ExchangeHere is the list of all the APIs you can use.
Once you start a subscription, you can use your Listener to fetch data.
For easier testing here is the curl command to fetch the list of updates:
curl -d "" -H "Authorization: Bearer {access_token}" -X GET "https://manage.office.com/api/v1.0/{tenant_id}/activity/feed/subscriptions/content?contentType={list_of_content_types}"
If you are still getting errors when sending requests, go to PureView and start audit. Once you start audit you must wait for few hours to send requests again and it should work.
Client Secret*
The Client Secret (also called an Application Secret) is used for authentication in Microsoft Entra ID (formerly Azure AD) when accessing APIs.
Click App registrations under the Manage section.
Select your registered application.
In the left menu, click Certificates & secrets.
Under Client secrets, check if an existing secret is available. You cannot view it so you must have it saved somewhere.
If you need a new one, create one and copy the value immediately.
Subscription Plan*
Choose your plan from the list.
Find this in the Microsoft Account Portal under Billing>Your Products.
Polling Interval*
Enter the frequency in minutes with which to grab events, e.g. every 5 minutes.
Click Create labels to move on to the next step and define the required Labels.