Microsoft 365
Source Connector
Overview
This source connector fetches Audit events from the Office 365 Management APIs.
- Audit.AzureActiveDirectory
- Audit.Exchange
- Audit.SharePoint
- Audit.General
- includes all other workloads not included in the previous content types
- DLP.All
- DLP events only for all workloads
Prerequisites
- In Microsoft Purview, turn auditing on
- Register an Active Directory Application
- Supported account types: Accounts in this organization directory only
- Certificates & secrets: Create a new client secret. You will need this to configure the tarsal source connector
- API Permissions:
- Office 365 Management APIs
ActivityFeed.ReadActivity.Feed.ReadDlpServiceHealth.Read
- Office 365 Management APIs
Configuration
| Field | Required | Description |
|---|---|---|
| Client ID | yes | Azure AD Application (Client) ID |
| Client Secret | yes | Azure AD Application (Client) Secret |
| Tenant ID | yes | Directory (Tenant) ID |
Connector Limitations
The source connector is restricted by rate limits.
Updated about 2 months ago