Microsoft 365

Source Connector



This source connector fetches Audit events from the Office 365 Management APIs.

  • Audit.AzureActiveDirectory
  • Audit.Exchange
  • Audit.SharePoint
  • Audit.General
    • includes all other workloads not included in the previous content types
  • DLP.All
    • DLP events only for all workloads


  1. In Microsoft Purview, turn auditing on
  2. Register an Active Directory Application
    1. Supported account types: Accounts in this organization directory only
    2. Certificates & secrets: Create a new client secret. You will need this to configure the tarsal source connector
    3. API Permissions:
      1. Office 365 Management APIs
        1. ActivityFeed.Read
        2. Activity.Feed.ReadDlp
        3. ServiceHealth.Read


Client IDyesAzure AD Application (Client) ID
Client SecretyesAzure AD Application (Client) Secret
Tenant IDyesDirectory (Tenant) ID

Connector Limitations

The source connector is restricted by rate limits.