Microsoft 365
Overview
Microsoft 365 provides detailed audit logs of user activities, such as file downloads, data access grants, configuration changes, and DLP event logs.
You can monitor the logs in the Coralogix platform to:
Track user activities, such as login attempts, file access, and changes to permissions.
Provide a record of actions taken by users to demonstrate compliance with different regulations.
Detect unexpected changes to files or settings to diagnose and resolve problems.
Keep a record of actions like data deletions or modifications to ensure recovery of lost or altered information and maintain data integrity.
The procedure below explains how to configure the integration, allowing you to read logs from Microsoft 365 into Coralogix.
Prerequisites
Enable auditing in Microsoft 365
Verify that auditing is enabled in Microsoft 365. If not, follow this procedure.
Log in to the M365 platform and navigate to the Admin tab.
In a new window, click Security.
Expand Search, then click Audit log search.
If the Audit logs option is disabled, a blue banner is displayed at the top of the page. Click it to enable the audit logs.
Configure Coralogix application in Microsoft Entra
Verify that the Coralogix enterprise application has been configured in Microsoft Entra. If not, follow this procedure.
Log in to the Azure portal.
Navigate to Entra (formerly known as Azure Active Directory).
Select Enterprise applications, create a new application and register it.
Navigate to App registrations.
Select the application you have just created, and:
Configure a secret key
Click API Permissions, select Office 365 Management APIs.
Add these 3 permissions and click Grant admin consent for Coralogix.
Navigate to Certificates & secrets.
Create a client secret and copy it to the clipboard.
Configure a Microsoft 365 integration
In the Coralogix UI, go to Data Flow > Integrations.
From the Integrations section, select Microsoft 365.
Enter configuration parameters according to your application requirements:
Integration name - Meaningful name of the M365 integration.
Application name - The Coralogix application name.
Subsystem name - The Coralogix subsystem name.
Tenant ID - Your Microsoft tenant ID.
Application ID - Application ID used to authenticate and read logs from your Microsoft 365 environment.
Secret value - Secret value used to authenticate and read logs from your Microsoft 365 environment.
Click Create to create the integration.
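Before entering the Tenant ID, Application ID and Secret value in Coralogix, you can check that the app registration yields a token carrying the expected Office 365 Management APIs roles. This is an added example, not Coralogix or Microsoft code. The environment variable names are hypothetical, and the two role names are an assumption about which permissions the integration needs, since they are not listed in the text above.

```python
import base64, json, os, re, urllib.parse, urllib.request

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Assumed role names (application permissions of the Office 365 Management APIs);
# the page does not list which permissions it means.
REQUIRED_ROLES = {"ActivityFeed.Read", "ActivityFeed.ReadDlp"}

def token_request(tenant_id, app_id, secret):
    """Build the client-credentials request for the Office 365 Management API."""
    for name, value in (("Tenant ID", tenant_id), ("Application ID", app_id)):
        if not GUID.match(value):
            raise ValueError(f"{name} is not a GUID")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": app_id,
            "client_secret": secret, "scope": "https://manage.office.com/.default"}
    return url, form

def fetch_token(url, form):
    """Send the request (network call; used only in the live path)."""
    data = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=15) as r:
        return json.load(r)["access_token"]

def token_claims(jwt):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))

def missing_roles(jwt, tenant_id):
    """Return required roles absent from the token; reject a token for another tenant."""
    claims = token_claims(jwt)
    if claims.get("tid", "").lower() != tenant_id.lower():
        raise ValueError("token was issued for a different tenant")
    return sorted(REQUIRED_ROLES - set(claims.get("roles", [])))

def make_sample_jwt(claims):
    """Constructed, unsigned token used only for the offline demonstration."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    tid = os.environ.get("M365_TENANT_ID")  # hypothetical variable names
    if tid:  # live check with the values you are about to enter in Coralogix
        jwt = fetch_token(*token_request(tid, os.environ["M365_APP_ID"], os.environ["M365_SECRET"]))
    else:    # offline: constructed token where admin consent covered only one role
        tid = "11111111-2222-3333-4444-555555555555"
        jwt = make_sample_jwt({"tid": tid, "roles": ["ActivityFeed.Read"]})
    print("missing roles:", missing_roles(jwt, tid) or "none")
```

A non-empty result usually means admin consent was not granted for that permission. The script never prints the secret or the token.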