AlienVault® USM Anywhere™

Configuring the AlienApp for Office 365

Role Availability Read-Only Analyst Manager

The Microsoft Office 365 Management Activity API provides information about various user, admin, system, and policy actions and events from Office 365. After you configure the connection between the AlienApp for Office 365 and the Office 365 Management Activity API, the predefined log collection job performs a query for Office 365 events. When USM Anywhere collects and analyzes the first of these events, the Office 365 dashboards become available in the Dashboards menu (according the type of events that it collects).

Warning: Due to the design of the Office 365 Management Activity API, you may see events being delayed or received out of order. See Office 365 Event Latency for more information.

This integration requires connectivity between your USM Anywhere Sensor and the Office 365 Management Activity API. If you have an Azure Sensor deployed in your Azure subscription, you should use this sensor to configure the AlienApp. If you use a non-Azure Sensor, you must set your firewall permissions to allow the following inbound and outbound connections for the sensor:

Firewall Permissions for the USM Anywhere Sensor
Type Port Endpoint Purpose
TCP 443 Authentication for your Office 365 account
TCP 443 Queries to retrieve log data from the Office 365 Management Activity API


Before you configure the AlienApp for Office 365, make sure that you have fulfilled the requirements in your Office 365 account for this integration.

For ease of illustration, this configuration is broken into three tasks: