This option is recommended for organizations that use modern authentication for identity management and have multi-factor authentication (MFA) enabled for their user accounts. In this scenario, Netwrix Auditor accesses the cloud infrastructure through Microsoft Graph and other modern APIs, authenticating as a pre-configured Azure AD application that has been granted the required permissions rather than as a user account, so MFA on user accounts does not interfere with data collection.
If you plan to implement this scenario, register an Azure AD app manually and provide its settings (tenant name, application ID and application secret) to Netwrix Auditor when configuring the monitored item.
Required roles and permissions
Collect audit data (without logons)
The Azure AD app requires the following Application permissions:
To learn how to assign the required permissions, see Configuring Azure AD app.
Collect audit data, including Successful Logons and/or Failed Logons
In the Microsoft Office 365 Admin center:
1. Create an Azure AD app that will be used for modern authentication.
2. Grant the required permissions to that application.
3. Configure an application secret for that application. Record its expiration date: once the secret expires, Netwrix Auditor can no longer authenticate and data collection stops until you create a new secret and update the monitored item.
4. Obtain the tenant name.
In Netwrix Auditor:
5. Configure a monitored item (Office 365 Tenant) using the Modern authentication option.
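The following PowerShell script is added here as an example; it is not part of the Netwrix documentation or product. It performs the Azure AD steps above (create the app, grant Microsoft Graph application permissions with admin consent, configure a secret, obtain the tenant name) with the Microsoft Graph PowerShell SDK, and then checks the result the way Netwrix Auditor will use it: it requests an app-only token with the client credentials and confirms that the token's roles claim carries every required permission. The permission names in $Permissions are placeholders, an assumption for this example; substitute the Application permissions listed in the Configuring Azure AD app section. The display name, secret lifetime and retry counts are also choices made for this example.

```powershell
# Added example, not Netwrix's own code. Registers the Azure AD app used for modern
# authentication, grants Microsoft Graph application permissions (admin consent),
# adds a client secret, reads the tenant name, and verifies the app-only token.
# Requires the Microsoft.Graph module (Install-Module Microsoft.Graph) and an
# account allowed to grant admin consent (e.g. Global Administrator).
# ASSUMPTION: the permission names below are illustrative placeholders; replace
# them with the Application permissions from "Configuring Azure AD app".
param(
    [string]   $DisplayName = "Netwrix Auditor (modern authentication)",
    [string[]] $Permissions = @("Directory.Read.All", "AuditLog.Read.All"),
    [int]      $SecretLifetimeMonths = 12
)
$ErrorActionPreference = "Stop"

# Sign in with delegated scopes sufficient to create apps and assign app roles.
Connect-MgGraph -Scopes "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All", "Organization.Read.All" | Out-Null

# Step 4: tenant name = the initial *.onmicrosoft.com domain of the organization.
$tenantName = ((Get-MgOrganization).VerifiedDomains | Where-Object IsInitial).Name

# Step 1: single-tenant app registration plus its service principal.
$app = New-MgApplication -DisplayName $DisplayName -SignInAudience "AzureADMyOrg"
$sp  = New-MgServicePrincipal -AppId $app.AppId

# Step 2: resolve the Graph app roles by name, record them on the registration
# (what the portal shows under API permissions) and assign them to the service
# principal, which is the admin-consent step for Application permissions.
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$roles = foreach ($name in $Permissions) {
    $role = $graphSp.AppRoles | Where-Object { $_.Value -eq $name -and $_.AllowedMemberTypes -contains "Application" }
    if (-not $role) { throw "Unknown Microsoft Graph application permission: $name" }
    $role
}
Update-MgApplication -ApplicationId $app.Id -RequiredResourceAccess @(@{
    ResourceAppId  = $graphSp.AppId
    ResourceAccess = @($roles | ForEach-Object { @{ Id = $_.Id; Type = "Role" } })
})
foreach ($role in $roles) {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -PrincipalId $sp.Id `
        -ResourceId $graphSp.Id -AppRoleId $role.Id | Out-Null
}

# Step 3: client secret. The value is returned exactly once; store it in a vault
# and rotate it (updating the monitored item) before EndDateTime.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = "Netwrix Auditor"
    EndDateTime = (Get-Date).AddMonths($SecretLifetimeMonths)
}

# Verification: obtain a token the same way Netwrix Auditor will (client
# credentials, app-only) and read the application roles it actually carries.
function Get-AppRolesFromToken {
    param([string]$Tenant, [string]$ClientId, [string]$ClientSecret)
    $resp = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$Tenant/oauth2/v2.0/token" -Body @{
        client_id = $ClientId; client_secret = $ClientSecret
        scope = "https://graph.microsoft.com/.default"; grant_type = "client_credentials"
    }
    # JWT payload is base64url without padding; convert to base64 and decode.
    $payload = $resp.access_token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    $payload += '=' * ((4 - $payload.Length % 4) % 4)
    $claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
    return @($claims.roles | Where-Object { $_ })
}

# New secrets and role assignments take a short while to propagate, so retry.
$granted = @()
for ($try = 1; $try -le 6; $try++) {
    Start-Sleep -Seconds 10
    try   { $granted = Get-AppRolesFromToken -Tenant $tenantName -ClientId $app.AppId -ClientSecret $secret.SecretText }
    catch { Write-Warning "Token request failed (attempt $try): $_" }
    if (-not ($Permissions | Where-Object { $_ -notin $granted })) { break }
}
$missing = $Permissions | Where-Object { $_ -notin $granted }
if ($missing) { throw "Token is missing application permissions: $($missing -join ', ')" }

# Values to enter on the monitored item's General tab. The secret is shown once
# on purpose; do not leave it in a transcript or console history.
[pscustomobject]@{
    TenantName          = $tenantName
    ApplicationClientId = $app.AppId
    ApplicationSecret   = $secret.SecretText
    SecretExpires       = $secret.EndDateTime
}
```

The role check is the part worth keeping even if you register the app in the portal by hand: a permission that was added as Delegated instead of Application, or added without admin consent, does not appear in the roles claim of an app-only token, and Netwrix Auditor will fail at collection time rather than at configuration time. If the check still fails after the retries, open the app in Azure AD, confirm each permission is of type Application and that admin consent has been granted for the tenant.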
This example shows how to instruct Netwrix Auditor to collect audit data from the Azure AD organization using modern authentication. It assumes that:
- Audit data on logon attempts does not need to be collected.
- You have prepared an Azure AD app with the required permissions, as explained in the Configuring Azure AD app section. Make sure you have the following at hand:
- Tenant name
- Application (client) ID
- Application secret
Do the following:
1. Create a monitoring plan for the Azure AD domain.
2. Proceed with adding a monitored item, Office 365 tenant. On the General tab, select Modern authentication as the authentication type to use when accessing Azure AD/Office 365 services.
3. Paste the tenant name you obtained from Azure AD at Step 4: Obtain tenant name.
4. Enter the Azure AD app settings: the Application (client) ID and the Application secret.
5. Click Add.
See also Office 365 Tenant.