Overview
Office 365 is a
critical part of your infrastructure. The Pulse Breach Detection platform
provides API based integration with Office 365 & Azure AD to provide
visibility into system changes, file sharing and authentication related events
that are critical for enabling compliance and enhancing your overall cyber
security posture.
The integration allows ingestion of the following logs:
·
General Audit
·
Exchange
·
SharePoint
·
Azure Active Directory
logs
What
We Need
In order to securely connect the Pulse Breach Detection platform
with your office 365 instance we will need the following:
1.
Azure
Tenant(Directory) ID:
2.
Client(Application)
ID:
3.
Client Secret
(Password):
Note: Please login into the Azure portal with Admin Privileges
to perform the below steps.
·
Login in to the Azure Administrator Portal Account( https://azure.microsoft.com/en-us/features/azure-portal/)
· Create a New App Registration with the below following steps
Click on Register an application
Register the application once the above fields are given
proper values. Once the application is created you see the below with the
required information by the SOC such as the Application ID and Directory ID.
Click on API permissions and then add a permission then select
all the Application permissions and Delegated permissions in the Microsoft Office 365 Management API
Once all the Application and Delegated Permissions are added
then we need to Grant admin consent for the requested permissions.
Then we need to the generate the secrets. This can be generated
in certificates and secrets.
Click on New client secret and give it a description for the
key and select the expiration period for the Key. Once the client Key is generated then copy and
send the Key along with the Application and Directory ID.
Once all the
Information is gathered from the Azure Portal, please send this information to
your Customer Success Manager, soc@cyflare.com or
submit to your project portal.
The 3 items we will need from the client are:
· The Azure Tenant ID(Directory ID)
·
Client ID(Application
ID)
·
Client Secret(Client
Password).