Accessing Azure AD using modern authentication

This option is recommended for organizations that use modern authentication as the identity management approach, having multi-factor authentication (MFA) enabled for their user accounts. In this scenario, Netwrix Auditor will access the cloud-based infrastructure via Microsoft Graph and other modern APIs, being authenticated through a pre-configured Azure AD application with appropriate access permissions.

So, if you plan to implement such scenario, you should register an Azure AD app manually and provide its settings to Netwrix Auditor when configuring a monitored item.

Required roles and permissions

To... Requirement Comment

Collect audit data (without logons)

Azure AD app requires the following Application permissions:

  1. Microsoft Graph API
    • Directory.Read.All

    • AuditLog.Read.All

  2. Office 365 Management APIs
    • ActivityFeed.Read
  3. Azure AD Graph API

    • Directory.Read.All
To learn how to assign required permissions, see Configuring Azure AD app

Collect audit data, including Successful Logons and/or Failed Logons

  1. Azure AD app requires permissions listed above.
  2. Cloud tenant requires Azure Active Directory Premium Plan 1 or Azure Active Directory Premium Plan 2 license plan for Azure.

Configuration steps

In Microsoft Office 365 Admin center:

  1. Create an Azure AD app that will be used for modern authentication.
  2. Grant required permissions to that application.
  3. Configure application secret for that application.
  4. Obtain tenant name.

See Configuring Azure AD app

In Netwrix Auditor:

Configure a monitored item (Office 365 Tenant) using the Modern authentication option.


This example shows how to instruct Netwrix Auditor to collect audit data from the Azure AD organization using modern authentication. It assumes that:

  • Audit data on the logon attempts does not need to be collected.
  • You have prepared an Azure AD app with required permissions, as explained in Configuring Azure AD app section. Make sure you have the following at hand:
    • Tenant name
    • Application (client) ID
    • Application secret

Do the following:

  1. Create a monitoring plan for Azure AD domain.
  2. Proceed with adding a monitored item — Office 365 tenant. On the General tab, select Modern authentication as authentication type that will be used when accessing Azure AD/Office 365 services.

  3. Paste the tenant name you obtained from Azure AD at Step 4: Obtain tenant name

  4. Enter Azure AD app settings:

  5. Click Add.

See also Office 365 Tenant.