To collect audit data in your cloud-based environment, Netwrix uses a dedicated Azure AD application and relies on the API access permissions granted to that app. To register this application and assign the required permissions, an Azure AD account with an administrative role is required:
- If your organization uses modern authentication for identity management:
- The Azure AD application must be created manually by a user with an administrative role and granted the required permissions. See Configuring Azure AD app for details.
- You will need to provide the Azure AD app settings in the monitored item (Office 365 tenant) properties. See Office 365 Tenant for more information.
- If basic authentication is used:
- An Azure AD application named Netwrix Auditor for Azure AD is created automatically when Netwrix Auditor connects to the monitored item (Office 365 tenant) for the first time. You will therefore need to prepare an Azure AD user account with an administrative role in Azure AD: it is used to create the app and to perform the initial data collection.
- Provide this account's user name and password in the monitored item properties. See Office 365 Tenant for more information.
Permissions for ongoing data collection depend on the data you plan to collect:
- To collect activity (event-based) data including logon attempts, the account must keep its administrative role.
- To collect activity data without logons, the privileged role can be revoked from the specified account after the initial data collection has completed.
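The second case above is the least-privilege path: once the first collection has run, the account should no longer hold an administrative role. The following script is an added example, not Netwrix Auditor's own code or a script from its documentation; it audits which activated directory roles the collection account holds and, with -Revoke, removes the administrative role. The account UPN, the role name (Global Administrator) and the use of the Microsoft Graph PowerShell SDK are assumptions; the page itself names neither the account nor the specific role.

```powershell
# Added example (not Netwrix Auditor's own code). Lists the activated directory
# roles held by the data-collection account and optionally revokes the admin role
# after the initial data collection, for the "activity data without logons" case.
# Assumptions (hypothetical, adjust to your tenant): the account UPN and the role
# name. Requires the Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph).
param(
    [string]$AccountUpn = 'svc-netwrix@contoso.onmicrosoft.com',  # assumed service account
    [string]$RoleName   = 'Global Administrator',                   # assumed administrative role
    [switch]$Revoke                                                 # omit for a read-only audit
)

Import-Module Microsoft.Graph.Users, Microsoft.Graph.Identity.DirectoryManagement

# Request only the scopes this task needs: read users, manage directory role membership.
Connect-MgGraph -Scopes 'User.Read.All', 'RoleManagement.ReadWrite.Directory' -NoWelcome

# Get-MgUser accepts a UPN as -UserId; stop if the account does not exist.
$user = Get-MgUser -UserId $AccountUpn -Property Id, UserPrincipalName -ErrorAction Stop

# Get-MgDirectoryRole returns only roles that are activated in the tenant;
# check direct membership of each one for this account.
$held = foreach ($role in Get-MgDirectoryRole -All) {
    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All
    if ($members.Id -contains $user.Id) { $role }
}

Write-Host "Activated directory roles held by $($user.UserPrincipalName):"
$held | Select-Object DisplayName, Id | Format-Table -AutoSize

$target = $held | Where-Object { $_.DisplayName -eq $RoleName }
if (-not $target) {
    Write-Host "$RoleName is not directly assigned to this account; nothing to revoke."
}
elseif ($Revoke) {
    # Removes the direct (permanent) assignment. PIM-eligible or group-based
    # assignments are not covered by this call and must be handled separately.
    Remove-MgDirectoryRoleMemberByRef -DirectoryRoleId $target.Id -DirectoryObjectId $user.Id
    Write-Host "Removed $RoleName from $($user.UserPrincipalName)."
}
else {
    Write-Host "Run again with -Revoke to remove $RoleName from this account."
}
```

Run it first without -Revoke to confirm the initial collection has completed and that the account holds nothing beyond the expected role; rerun with -Revoke only if you do not need logon activity, since the page states that collecting logon attempts requires the administrative role to remain in place.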
- Accessing Azure AD using modern authentication
- Accessing Azure AD using basic authentication