Office 365 logging app configuration

This document demonstrates how to configure the Office 365 environment for log output to facilitate ingestion into SIEMonster. Please also see video at the bottom of this page on the steps.

Before starting this process please proceed to and login into your Office 365 / Azure admin panel.

1. First we will need to go to Azure active directory

2. click on App Registration

3.Click New Registration

4. Enter the name, in this example we will just use 0365Test. Then Click Register

5. After you have registered, you should be presented with a screen which has two important pieces of information that we will need to copy and make a note of. The first is the Application (client) ID.

6. The second is the Directory (tenant) ID.

7. click on certificates & Secrets

8.click new client secret

9. Give a description under the, add a client secret section

10. set expire section to 24 months.

11. click add

12. After the secret has been added, DO NOT navigate away from the page until you have made note of the value section of the newly created secret, this will not be visible after navigating away from this page.

13. click on API permissions.

14. click add permissions.

15. click the office 365 management APIs

16. click application permissions and check all three of the available options

19. click the grant admin consent for default directories and then click yes and we should get four green checkmarks

At this point You should have three items noted:

1. Application Client ID

2. Directory Tenant ID

3. The value of the newly created secret

⚠️ NOTE: If you do not capture the required details you will have to redo the steps outlined above as the secret is only visble during creation

To complete your integration with SIEMonster please proceed to the following guide:

https://docs.siemonster.com/current/integrating-office365-azure-logs-with-siemonster