Samurai [Local] Collector | Samurai [Cloud] Collector | Samurai [Cloud Native] Collector |
---|---|---|
To complete this Integration you will need to:
1) Within Microsoft 365:
- Ensure Microsoft Office 365 auditing is enabled
- Ensure Azure Exchange mailbox auditing is enabled (if monitoring Azure Exchange)
- Register application with Azure Active Directory
- Generate application secret key
- Specify permissions for the app
2) From the Samurai MDR portal:
Ensure Microsoft 365 auditing is enabled
Audit logging is turned on by default for Microsoft 365 and Office 365 enterprise organizations. However, when setting up a new Microsoft 365 or Office 365 organization, you should verify the auditing status for your organization.
Follow the steps outlined within the Office365 documentation to ensure audit logging is enabled:
Verify that Azure Exchange Mailbox Auditing is Enabled
This is only necessary if monitoring Azure Exchange.
Azure Exchange Mailbox Auditing is enabled by default; however, verify this by following the Office365 documentation:
Register application with Azure Active Directory
Follow the steps outlined within the Office365 documentation:
Use the following parameters when completing the steps:
Field Name | Parameter |
---|---|
Name of app | Any name you like; we suggest NTT_app |
Supported Account Types | Select Accounts in this organizational directory only (single tenant) |
Redirect URI | Not required |
Table 1: App registration
Take note of the Application (client) ID and the Directory (tenant) ID as this information will be needed when you Complete the Office 365 Integration within the Samurai MDR portal.
Generate Application Secret Key
Follow the steps within the Office365 documentation:
Use the following parameters when completing the steps:
Field Name | Parameter |
---|---|
Description | Any description you like; we suggest NTT_app |
Expires | The expiration period will depend on your company’s security policies. If the key expires, it is your responsibility to create a new key and update the Integration (see Complete the Microsoft Office 365 Integration) |
Redirect URI | Not required |
Table 2: Secret key
Take note of the Client secret as this information will be needed when you Complete the Office 365 Integration within the Samurai MDR portal.
Specify permissions for the app
Follow the steps within the Office365 documentation:
Use the following parameters when completing the steps:
Field Name | Parameter |
---|---|
Request API permissions | Application permissions |
Permissions | ActivityFeed.Read, ActivityFeed.ReadDlp, ServiceHealth.Read |
Table 3: App permissions
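A pre-flight check for the values gathered above, added here as an example (it is not part of the vendor's guide or of Samurai MDR tooling): it requests an app-only token for the Office 365 Management API and confirms that the tenant ID, client ID and the three permissions from Table 3 appear in the token's claims. The sample token and placeholder IDs are constructed, and the signature is not verified, so treat the result as a diagnostic only.

```python
import base64, json, time
from urllib import parse, request

REQUIRED_ROLES = {"ActivityFeed.Read", "ActivityFeed.ReadDlp", "ServiceHealth.Read"}  # Table 3
AUDIENCE = "https://manage.office.com"  # Office 365 Management API resource

def fetch_token(tenant_id, client_id, client_secret):
    """Client-credentials request to the Microsoft identity platform (needs network)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": AUDIENCE + "/.default",
    }).encode()
    with request.urlopen(request.Request(url, data=body), timeout=15) as resp:
        return json.load(resp)["access_token"]

def claims(token):
    """Decode the JWT payload without verifying the signature (diagnostic use only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_token(token, tenant_id, client_id, now=None):
    """Return a list of problems; an empty list means the registration looks right."""
    c, problems = claims(token), []
    if c.get("tid") != tenant_id:
        problems.append("tid does not match the Directory (tenant) ID")
    if client_id not in (c.get("appid"), c.get("azp")):
        problems.append("appid/azp does not match the Application (client) ID")
    if c.get("aud", "").rstrip("/") != AUDIENCE:
        problems.append("aud is not " + AUDIENCE)
    missing = REQUIRED_ROLES - set(c.get("roles", []))
    if missing:
        problems.append("missing permissions: " + ", ".join(sorted(missing)))
    if c.get("exp", 0) <= (now if now is not None else time.time()):
        problems.append("token is expired")
    return problems

def make_sample(roles):
    """Constructed, unsigned sample token with placeholder IDs so the check runs offline."""
    b64 = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    payload = {"aud": AUDIENCE, "tid": "TENANT-PLACEHOLDER", "appid": "CLIENT-PLACEHOLDER",
               "roles": roles, "exp": 4102444800}
    return ".".join([b64({"alg": "none"}), b64(payload), ""])
```

With real values, pass the result of `fetch_token(...)` to `check_token(...)`; a "missing permissions" result means the permissions in Table 3 are not yet effective for the app.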
Complete the Microsoft Office 365 Integration
You will need:
- Application (client) ID and Directory (tenant) ID created during Register application with Azure Active Directory
- Client Secret created during Generate Application Secret Key
Then complete the following steps:
1) Log in to the Samurai MDR portal
2) Click Telemetry and select Integrations from the main menu
3) Select Create
4) Locate and click Microsoft Office 365
5) Click Next (we leverage a Samurai Cloud Collector)
6) Enter a Name of Integration
7) Enter a Description (Optional)
8) Enter your Application (client) ID
9) Enter your Directory (tenant) ID
10) Enter your Secret Key (client Secret)
11) Click Finish
For general information on Integrations refer to the Integrations article.
Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.