The Microsoft Office 365 Management Activity API provides information about various user, admin, system, and policy actions and events from Office 365. After you configure the connection between the AlienApp for Office 365 and the Office 365 Management Activity API, the predefined log collection job performs a query for Office 365 events. When USM Anywhere collects and analyzes the first of these events, the Office 365 Azure Active Directory dashboard, Office 365 OneDrive dashboard, and Office 365 SharePoint dashboard become available in the Dashboards menu (according to the type of events that it collects).
Warning: Due to the design of the Office 365 Management Activity API, you may see events being delayed or received out of order. See Office 365 Event Latency for more information.
Before you configure the AlienApp for Office 365, make sure that you have fulfilled the firewall permissions and requirements in your Office 365 account for this integration.
To configure the AlienApp for Office 365
- In USM Anywhere, go to Data Sources > AlienApps.
- Click the Available Apps tab.
- Search for the AlienApp, and then click the tile.
- Click Configure API.
If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.
AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the AlienApp API endpoints.
Follow the instructions on the page to register the AlienApp for Office 365 in Azure, and then copy the Application (client) ID and Directory (tenant) ID.
Note: This step is better conducted in a different browser.
- Enter the copied IDs in the Tenant ID and Application ID fields.
Select the endpoint for Office 365 Management Activity API:
- Office 365: https://manage.office.com
- Office 365 US Government: https://manage.office365.us
- Click Save.
Verify the connection.
After USM Anywhere completes a successful connection to the Office 365 APIs, a icon displays in the Health column.
If the icon displays, there is a problem with the connection. The Message column provides information about the issue. Repeat the steps to fix the configuration or troubleshoot your Office 365 connection.
- In the USM Anywhere main menu, go to Settings > Scheduler and search for the collection job for
Enable the job if it is not already enabled.
Important: The AlienApp will not work if the scheduler job is not enabled.
When this job runs for the first time after the connection, it collects Office 365 events from the previous hour. On subsequent runs (every 20 minutes), it only collects new events since the last check. In the unlikely event that the AlienApp stops working after it is enabled, Microsoft Azure keeps Office 365 events for 7 days. The AlienApp will resume collecting events after it recovers.