Accessing Exchange Online using modern authentication

This option is recommended for organizations that use modern authentication as their identity management approach and have multi-factor authentication (MFA) enabled for their user accounts. In this scenario, Netwrix Auditor accesses the cloud-based infrastructure via Microsoft Graph and other modern APIs, and is authenticated through a pre-configured Azure AD application with appropriate access permissions.

If you plan to implement this scenario, register an Azure AD app manually and provide its settings to Netwrix Auditor when configuring a monitored item.

IMPORTANT! State-in-time data will not be collected in scenarios with modern authentication.

Required roles and permissions

To... Requirement Comment

Collect audit data (activity only)

Azure AD app requires the following Application permissions:

  1. Microsoft Graph API
    • Directory.Read.All
    • Mail.ReadBasic.All
  2. Office 365 Management APIs
    • ActivityFeed.Read
  3. Azure AD Graph API
    • Directory.Read.All

To learn how to assign required permissions, see Configuring Azure AD app

Configuration steps

In Microsoft Office 365 Admin center:

  1. Create an Azure AD app that will be used for modern authentication.
  2. Grant the required permissions to that application.
  3. Configure a client secret for that application.
  4. Obtain the tenant name.

See Configuring Azure AD app
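
Before providing the app's settings to Netwrix Auditor, you can confirm that an app-only access token issued to the app carries exactly the Application permissions listed above (they appear in the token's "roles" claim). The Python code below is an added example, not part of the Netwrix documentation: the audience URIs, the function names and the sample token are assumptions, the token is constructed and unsigned, and the signature is not verified.

```python
import base64
import json

# Application permissions listed on this page, keyed by the API they belong to.
# The audience URIs are assumptions about the token's "aud" claim, not from the page.
REQUIRED = {
    "https://graph.microsoft.com": {"Directory.Read.All", "Mail.ReadBasic.All"},
    "https://manage.office.com": {"ActivityFeed.Read"},
    "https://graph.windows.net": {"Directory.Read.All"},
}


def _b64url(segment):
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(jwt):
    """Decode the payload of a JWT without verifying its signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(_b64url(parts[1]))


def audit_token(jwt):
    """Compare the token's 'roles' claim with the page's list for its audience."""
    claims = token_claims(jwt)
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud not in REQUIRED:
        raise ValueError(f"unexpected audience: {aud!r}")
    granted = set(claims.get("roles", []))
    return {
        "audience": aud,
        "missing": sorted(REQUIRED[aud] - granted),  # breaks data collection
        "excess": sorted(granted - REQUIRED[aud]),   # more privilege than needed
    }


def make_sample(aud, roles):
    """Build a constructed, unsigned token for demonstration (hypothetical helper)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"aud": aud, "roles": roles}), "sig"])


if __name__ == "__main__":
    sample = make_sample("https://graph.microsoft.com", ["Directory.Read.All", "Mail.ReadWrite"])
    print(audit_token(sample))
```

A non-empty "excess" list means the app was granted more than this page requires and should be reviewed before the client secret is handed to any service.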

In Netwrix Auditor:

Configure a monitored item (Office 365 Tenant) using the Modern authentication option.

Auditing non-owner mailbox access

To audit non-owner mailbox access, additional configuration steps are required. You can follow an automated or manual configuration process. See these sections: