Microsoft 365
Source Connector
Overview
This source connector fetches Audit events from the Office 365 Management APIs.
Streams
Streams are pulled from the Office 365 Management Activity API
| Data Source | Stream Name | Notes |
|---|---|---|
| Audit.AzureActiveDirectory | audit_azure_active_directory | |
| Audit.Exchange | audit_exchange | |
| Audit.SharePoint | audit_share_point | |
| Audit.General | audit_general | includes all other workloads not included in the previous content types |
| DLP.All | dlp_all | DLP events only for all workloads |
Prerequisites
- In Microsoft Purview, turn auditing on
- Register an Active Directory Application
- Supported account types: Accounts in this organization directory only
- Certificates & secrets: Create a new client secret. You will need this to configure the tarsal source connector
- API Permissions:
- Office 365 Management APIs
ActivityFeed.ReadActivity.Feed.ReadDlpServiceHealth.Read
- Office 365 Management APIs
Configuration
| Field | Required | Description |
|---|---|---|
| Client ID | yes | Azure AD Application (Client) ID |
| Client Secret | yes | Azure AD Application (Client) Secret |
| Tenant ID | yes | Directory (Tenant) ID |
Connector Limitations
- This connector is restricted by rate limits.
Updated 10 months ago