Microsoft Office 365

Samurai [Local] Collector	Samurai [Cloud] Collector

To complete this Integration you will need to:

1) Within Microsoft 365:

Ensure Microsoft Office 365 auditing is enabled
Ensure Azure Exchange mailbox auditing is enabled (if monitoring Azure Exchange)
Register application with Azure Active Directory
Generate application secret key
Specify permissions for the app

2) From the Samurai MDR portal:

Complete the Office 365 Integration

Ensure Microsoft 365 auditing is enabled

Audit logging will be turned on by default for Microsoft 365 and Office 365 enterprise organizations. However, when setting up a new Microsoft 365 or Office 365 organization, you should verify the auditing status for your organization.

Follow the steps outlined within the Office365 documentation to ensure audit logging is enabled:

Turn auditing on or off

Verify that Azure Exchange Mailbox Auditing is Enabled

This is only necessary if monitoring Azure Exchange.

Azure Exchange Mailbox Auditing is enabled by default however verify this by following the Office365 documentation:

Manage mailbox auditing

Register application with Azure Active Directory

Follow the steps outlined within the Office365 documentation:

Use the following parameters when completing the steps:

Field Name	Parameter
Name of app	Whatever you want, however we suggest NTT_app
Supported Account Types	Select Accounts in this organizational directory only (single tenant)
Redirect URI	Not required

Table 1: App registration

Take note of the Application (client) ID and the Directory (tenant) ID as this information will be needed when you Complete the Office 365 Integration within the Samurai MDR portal.

Generate Application Secret Key

Follow the steps within the Office365 documentation:

Generate a new key for your application

Use the following parameters when completing the steps:

Field Name	Parameter
Description	Whatever you want, however we suggest NTT_app
Expires	The expiration period will depend on your company’s security policies. It will be your responsibility to create a new key should it expire and update the Integration when you Complete the Office 365 Integration
Redirect URI	Not required

Table 2: Secret key

Take note of the Client secret as this information will be needed when you Complete the Office 365 Integration within the Samurai MDR portal.

Specify permissions for the app

Follow the steps within the Office365 documentation:

Specify the permissions your app requires to access the Office 365 Management APIs

Use the following parameters when completing the steps:

Field Name	Parameter
Request API permissions	Application permissions
Permissions	ActivityFeed.Read ActivityFeed.ReadDlp ServiceHealth.Read

Table 3: App permissions

Complete the Microsoft Office 365 Integration

You will need:

Application (client) ID and Directory (tenant) ID created during Register application with Azure Active Directory
Client Secret created during Generate Application Secret Key

Login to the Samurai MDR portal
Click Telemetry and select Integrations from the main menu
Select Create
Locate and click Microsoft Office 365
Click Next (we leverage a Samurai Cloud Collector)
Enter a Name of Integration
Enter a Description (Optional)
Enter your Application (client) ID
Enter your Directory (tenant) ID
Enter your Secret Key (client Secret)
Click Finish

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.