Microsoft Office 365

Samurai [Local] CollectorSamurai [Cloud] CollectorSamurai [Cloud Native] Collector
Picture1.svg

To complete this Integration you will need to:

1) Within Microsoft 365:

2) From the Samurai MDR portal:

Ensure Microsoft 365 auditing is enabled

mceclip0.png Audit logging will be turned on by default for Microsoft 365 and Office 365 enterprise organizations. However, when setting up a new Microsoft 365 or Office 365 organization, you should verify the auditing status for your organization

Follow the steps outlined within the Office365 documentation to ensure audit logging is enabled:

Verify that Azure Exchange Mailbox Auditing is Enabled

mceclip0.png This is only necessary if monitoring Azure Exchange.

Azure Exchange Mailbox Auditing is enabled by default however verify this by following the Office365 documentation:

Register application with Azure Active Directory

Follow the steps outlined within the Office365 documentation:

Use the following parameters when completing the steps:

Field NameParameter
Name of appWhatever you want, however we suggest NTT_app
Supported Account TypesSelect Accounts in this organizational directory only (single tenant)
Redirect URINot required

Table 1: App registration

mceclip0.png Take note of the Application (client) ID and the Directory (tenant) ID as this information will be needed when you Complete the Office 365 Integration within the Samurai MDR portal.

Generate Application Secret Key

Follow the steps within the Office365 documentation:

Use the following parameters when completing the steps:

Field NameParameter
DescriptionWhatever you want, however we suggest NTT_app
ExpiresThe expiration period will depend on your company’s security policies. It will be your responsibility to create a new key should it expire and update the Integration when you Complete the Office 365 Integration
Redirect URINot required

Table 2: Secret key

mceclip0.png Take note of the Client secret as this information will be needed when you Complete the Office 365 Integration within the Samurai MDR portal.

Specify permissions for the app

Follow the steps within the Office365 documentation:

Use the following parameters when completing the steps:

Field NameParameter
Request API permissionsApplication permissions
PermissionsActivityFeed.Read

ActivityFeed.ReadDlp

ServiceHealth.Read

Table 3: App permissions

Complete the Microsoft Office 365 Integration

You will need:

  1. Login to the Samurai MDR portal
  2. Click Telemetry and select Integrations from the main menu
  3. Select Create
  4. Locate and click Microsoft Office 365
  5. Click Next (we leverage a Samurai Cloud Collector)
  6. Enter a Name of Integration
  7. Enter a Description (Optional)
  8. Enter your Application (client) ID
  9. Enter your Directory (tenant) ID
  10. Enter your Secret Key (client Secret)
  11. Click Finish

mceclip0.png For general information on Integrations refer to the Integrations article.

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.