This option is recommended for organizations that use modern authentication as their identity management approach and have multi-factor authentication (MFA) enabled for their user accounts. In this scenario, Netwrix Auditor accesses the cloud-based infrastructure via Microsoft Graph and other modern APIs, authenticating through a pre-configured Azure AD application with appropriate access permissions.
If you plan to implement this scenario, you should register an Azure AD app manually and provide its settings to Netwrix Auditor when configuring a monitored item.
IMPORTANT! State-in-time data will not be collected in scenarios with modern authentication.
Required roles and permissions
Collect audit data (activity only)
Azure AD app requires the following Application permissions:
To learn how to assign the required permissions, see Configuring Azure AD app.
In Microsoft Office 365 Admin center:
- Create an Azure AD app that will be used for modern authentication.
- Grant required permissions to that application.
- Configure a client secret for that application.
- Obtain the tenant name.
In Netwrix Auditor:
Configure a monitored item (Office 365 Tenant) using the Modern authentication option.
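The tenant name, application ID and client secret gathered in the steps above are the inputs of an OAuth 2.0 client-credentials request, and the resulting app-only token lists the granted Application permissions in its `roles` claim. The following is an added example, not Netwrix code: it builds that request and compares a token's roles against a required set to spot missing or excess permissions. The permission names, tenant and token are constructed placeholders, and the Graph `.default` scope is an assumption about the resource being checked.

```python
import base64
import json
from urllib.parse import urlencode

def token_request(tenant, client_id, client_secret):
    """Build the app-only (client credentials) token request for Microsoft Graph."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    form = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    })
    return url, form

def b64url(data):
    """Base64url-encode bytes without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_roles(token, required):
    """Compare granted Application permissions ('roles') with the required set."""
    granted = set(jwt_claims(token).get("roles", []))
    return {"missing": sorted(set(required) - granted),
            "excess": sorted(granted - set(required))}

def make_sample_token(claims):
    """Constructed, unsigned token used only to exercise the check offline."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed"

# Placeholder permission names; substitute the list from the product documentation.
REQUIRED = {"Placeholder.Read.All", "Placeholder.Audit.Read"}
SAMPLE_TOKEN = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "roles": ["Placeholder.Read.All", "Placeholder.ReadWrite.All"],
})

if __name__ == "__main__":
    print(token_request("tenant.example", "<app-id>", "<client-secret>")[0])
    print(audit_roles(SAMPLE_TOKEN, REQUIRED))
```

An empty `roles` claim usually means the permissions were added as Delegated rather than Application, or admin consent was not granted; anything under `excess` is privilege the audit account does not need.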
To audit non-owner mailbox access, additional configuration steps are required. You can follow an automated or manual configuration process. See these sections: