Accessing SharePoint Online using basic authentication

With basic authentication, your SharePoint Online will be accessed on behalf of a user. You will need to provide Office 365 user name and password in the monitored item properties. To access the Azure AD/Office 365 organization and perform initial data collection, the user account will need an administrative role in the cloud-based infrastructure.

NOTE: The user account should be a Cloud-only account.

Further permission assignment will depend on the data you plan to collect:

  • To collect both activity and state-in-time data, the administrative role will be still needed. See the table below for details.
  • To collect activity data only, the privileged role can be revoked from the specified account after the initial data collection.

Required roles and permissions

To... Requirement Comment

Collect activity and state-in-time data

Any of the following role combinations:

  • Application Administrator & Privileged Role Administrator


  • Cloud Application Administrator & Privileged Role Administrator


  • Global Admin (Company Administrator in Azure AD PowerShell terms)

Prepare a Cloud-only user account and specify it in the monitored item properties. See Assigning a Privileged Role for Azure AD and Office 365 and Office 365 Tenant.

Collect activity data only
  1. For initial connection to SharePoint Online and initial data collection — any of the role combinations listed above.
  2. After the initial data collection, the privileged roles can be revoked from this account.





This example shows how to instruct Netwrix Auditor to collect audit data from the Office 365 tenant with basic authentication. It assumes that:

  • You have prepared a Cloud-only account with Global Admin privileged role in the Office 365 organization.
  • Both activity and state-in-time data needs to be collected.

Do the following:

  1. Create a monitoring plan for SharePoint Online.
  2. Proceed with adding a monitored item — Office 365 tenant. On the General tab, select Basic authentication as a method that will be used when accessing Office 365 services.

  3. Enter User name and Password for the privileged account; use any of the following formats: or For this example:

    NOTE: Make sure this user account has sufficient access rights.

  4. The Tenant name field then will be filled in automatically.
  5. Click Add.
  6. Wait for the initial data collection to complete. Ongoing data collections should be performed with the same role assignment.

See also Office 365 Tenant.