With basic authentication, your SharePoint Online will be accessed on behalf of a user. You will need to provide the Office 365 user name and password in the monitored item properties. To access the Azure AD/Office 365 organization and perform initial data collection, the user account will need an administrative role in the cloud-based infrastructure.
NOTE: The user account should be a Cloud-only account.
Further permission assignment will depend on the data you plan to collect:
- To collect both activity and state-in-time data, the administrative role will still be needed. See the table below for details.
- To collect activity data only, the privileged role can be revoked from the specified account after the initial data collection.
Required roles and permissions
Collect activity and state-in-time data
Any of the following role combinations:
Prepare a Cloud-only user account and specify it in the monitored item properties. See Assigning a Privileged Role for Azure AD and Office 365 and Office 365 Tenant.
Collect activity data only
This example shows how to instruct Netwrix Auditor to collect audit data from the Office 365 tenant copr.onmicrosoft.com with basic authentication. It assumes that:
- You have prepared a Cloud-only account email@example.com with Global Admin privileged role in the Office 365 organization.
- Both activity and state-in-time data need to be collected.
Do the following:
- Create a monitoring plan for SharePoint Online.
- Proceed with adding a monitored item: Office 365 tenant. On the General tab, select Basic authentication as the method that will be used when accessing Office 365 services.
- Enter User name and Password for the privileged account; use any of the following formats: firstname.lastname@example.org or email@example.com. For this example: firstname.lastname@example.org
NOTE: Make sure this user account has sufficient access rights.
- The Tenant name field will then be filled in automatically.
- Click Add.
- Wait for the initial data collection to complete. Ongoing data collections should be performed with the same role assignment.
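Before entering the account in the monitored item, you can confirm that it is Cloud-only and holds the privileged role, and re-run the same check later to confirm the role was revoked if you collect activity data only. The script below is an added example, not part of the Netwrix documentation; it assumes the Microsoft Graph PowerShell SDK is installed, and the UPN is a placeholder.

```powershell
# Added example: pre-flight check for the account used with basic authentication.
# Assumes the Microsoft.Graph.Users and
# Microsoft.Graph.Identity.DirectoryManagement modules are installed.
param(
    # Placeholder UPN, not a value from this page; replace with your account.
    [string]$Upn = 'auditor-svc@<your-tenant>.onmicrosoft.com'
)

# Read-only scopes are enough for this check.
Connect-MgGraph -Scopes 'User.Read.All', 'RoleManagement.Read.Directory'

# onPremisesSyncEnabled is not returned by default, so request it explicitly.
$user = Get-MgUser -UserId $Upn `
    -Property 'id,userPrincipalName,accountEnabled,onPremisesSyncEnabled'

# A Cloud-only account is not synchronized from on-premises AD:
# onPremisesSyncEnabled is $null for accounts that were never synced.
$cloudOnly = -not $user.OnPremisesSyncEnabled

# Activated directory roles in which the user is a direct member.
# Role membership granted through a group or held only as PIM-eligible
# does not appear here and has to be reviewed separately.
$roles = @(
    foreach ($role in Get-MgDirectoryRole -All) {
        $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All
        if ($members.Id -contains $user.Id) { $role.DisplayName }
    }
)

# Summary to review before (or after) the initial data collection.
[pscustomobject]@{
    UserPrincipalName = $user.UserPrincipalName
    AccountEnabled    = $user.AccountEnabled
    CloudOnly         = $cloudOnly
    DirectoryRoles    = $roles -join ', '
    HasGlobalAdmin    = $roles -contains 'Global Administrator'
}
```

`CloudOnly` should be `True` in both scenarios; `DirectoryRoles` should be empty once the privileged role has been revoked for activity-only collection.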
See also Office 365 Tenant.