Office 365 App Integration with BDS

Office 365 Integration with Breach Detection Service (Latest Version)


Office 365 is a critical part of your infrastructure. The Pulse Breach Detection platform provides API based integration with Office 365 & Azure AD to provide visibility into system changes, file sharing and authentication related events that are critical for enabling compliance and enhancing your overall cyber security posture.

The integration allows ingestion of the following logs:

·         General Audit

·         Exchange

·         SharePoint

·         Azure Active Directory logs

What We Need


In order to securely connect the Pulse Breach Detection platform with your office 365 instance we will need the following:

1.    Azure Tenant(Directory) ID: 

2.    Client(Application) ID: 

3.    Client Secret (Password): 


Note: Please login into the Azure portal with Admin Privileges to perform the below steps.

Necessary Steps

·         Login in to the Azure Administrator Portal Account(

·         Create a New App Registration with the below following steps



Click on Register an application


Register the application once the above fields are given proper values. Once the application is created you see the below with the required information by the SOC such as the Application ID and Directory ID.


Click on API permissions and then add a permission then select all the Application permissions and Delegated permissions in  the Microsoft Office 365 Management API






Once all the Application and Delegated Permissions are added then we need to Grant admin consent for the requested permissions.





Then we need to the generate the secrets. This can be generated in certificates and secrets.

Click on New client secret and give it a description for the key and select the expiration period for the Key.  Once the client Key is generated then copy and send the Key along with the Application and Directory ID.



Once all the Information is gathered from the Azure Portal, please send this information to your Customer Success Manager, or submit to your project portal.

The 3 items we will need from the client are: 

·         The Azure Tenant ID(Directory ID)

·         Client ID(Application ID)

·         Client Secret(Client Password). 








    • Related Articles

    • AWS Cloudtrail Integration Guide With Breach Detection

      Overview AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS ...
    • 3 1 Breach Detection System Release Notes

        3. Highlights  Amazing new navigation menu and dashboard to match day to day operation workflow and provide intuitive navigation 4 new detections to further enhance cyber safety 5+ new data source capability added to gain even more visibility over ...

         Pre-Requisites: You will need Domain Administrator Privileges to configure the G-Suite Integration within BDS.   Preparation Before configuring G-Suite in data processor, user would need to enable this feature in the google admin dashboard. 1. ...
    • CyFlare Detection List & MITRE ATT&CK Framework Mapping

      Purpose This document identifies the detections that are available to CyFlare clients from the identified managed security services.  Filters & Definitions State - This represents whether the default mode for the detection. It may be On or Off by ...
    • AlienVault USM Anywhere Customer Quick Start Guide

      Summary This document is intended as a step by step guide for new customer implementations of USM Anywhere with an introduction to the incident ticketing process and interacting with the SOC.  The solution and service are deployed in phases. The ...