Skip to content

Office 365

DEFEND fetches Office365 audit logs through the Office365 APIs. To provide access to this data, you'll need to create an AppRegistration in Active Directory as follows:

  1. Name: FoxTech-SOC
  2. API Permissions (all Application Permissions):
    1. Office 365 Management APIs:
      1. ActivityFeed.Read
      2. ActivityFeed.ReadDlp
    2. Microsoft Graph API
      1. AuditLog.Read.All
    3. Grant Admin Consent
  3. Create new Secret and note Key name and Value

All that is left is to send the Secret Key Name and Value to FoxTech Support to start the monitoring.