Accessing SharePoint Online using modern authentication

This option is recommended for organizations that use modern authentication as their identity management approach and have multi-factor authentication (MFA) enabled for their user accounts. In this scenario, Netwrix Auditor accesses the cloud-based infrastructure via Microsoft Graph and other modern APIs, authenticating through a pre-configured Azure AD application that has the appropriate access permissions.

So, if you plan to implement such a scenario, register an Azure AD app manually and provide its settings to Netwrix Auditor when configuring a monitored item.

Required roles and permissions

Permission assignment will depend on the data you plan to collect: activity data only or both activity and state-in-time data.

The requirements for each scenario, and where to find instructions for assigning them, are listed below.

Collect activity data only

The Azure AD app requires the following Application permissions:

  1. Office 365 Management APIs
    • ActivityFeed.Read
  2. Azure AD Graph API
    • Directory.Read.All
  3. Microsoft Graph
    • Directory.Read.All

To learn how to assign the required permissions, see Configuring Azure AD app.

Collect activity and state-in-time data

The Azure AD app requires the following Application permissions:

  1. Office 365 Management APIs
    • ActivityFeed.Read
  2. Azure AD Graph API
    • Directory.Read.All
    • Application.ReadWrite.All
  3. SharePoint API
    • Sites.FullControl.All
  4. Microsoft Graph
    • Directory.Read.All

To learn how to assign the required permissions, see Configuring Azure AD app.
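The two permission sets above differ only in the write and full-control permissions needed for state-in-time collection, so it is worth verifying that the app registered for Netwrix Auditor holds exactly the set its scenario needs and nothing more. The following added example (not part of the original documentation or of the Netwrix product) encodes the page's permission matrix and compares it against a constructed snapshot of the Application permissions granted to an app, reporting missing permissions (collection would fail) and excess ones, with high-privilege excess called out separately.

```python
"""Least-privilege check for the Azure AD app used by Netwrix Auditor.

Input is a list of (API, permission) pairs as shown on the app
registration's API permissions blade (Application type, admin-consented).
"""

# Permission matrix as documented for the two collection scenarios.
REQUIRED = {
    "activity": {
        ("Office 365 Management APIs", "ActivityFeed.Read"),
        ("Azure AD Graph API", "Directory.Read.All"),
        ("Microsoft Graph", "Directory.Read.All"),
    },
    "activity_and_state": {
        ("Office 365 Management APIs", "ActivityFeed.Read"),
        ("Azure AD Graph API", "Directory.Read.All"),
        ("Azure AD Graph API", "Application.ReadWrite.All"),
        ("SharePoint API", "Sites.FullControl.All"),
        ("Microsoft Graph", "Directory.Read.All"),
    },
}

# Write / full-control permissions: acceptable only when the scenario needs them.
HIGH_PRIVILEGE = {"Application.ReadWrite.All", "Sites.FullControl.All"}


def check_permissions(scenario, granted):
    """Return {'missing', 'excess', 'high_risk_excess'} as sets of (API, permission)."""
    if scenario not in REQUIRED:
        raise ValueError(f"unknown scenario: {scenario!r}")
    required = REQUIRED[scenario]
    granted = set(granted)
    excess = granted - required
    return {
        "missing": required - granted,
        "excess": excess,
        "high_risk_excess": {p for p in excess if p[1] in HIGH_PRIVILEGE},
    }


# Constructed snapshot: an app set up for activity-only collection that was
# also given SharePoint full control it does not need.
SAMPLE_GRANTED = [
    ("Office 365 Management APIs", "ActivityFeed.Read"),
    ("Azure AD Graph API", "Directory.Read.All"),
    ("Microsoft Graph", "Directory.Read.All"),
    ("SharePoint API", "Sites.FullControl.All"),
]

if __name__ == "__main__":
    for key, value in check_permissions("activity", SAMPLE_GRANTED).items():
        print(f"{key}: {sorted(value)}")
```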

Configuration steps

In Microsoft Office 365 Admin center:

  1. Create an Azure AD app that will be used for modern authentication.
  2. Grant the required permissions to that application.
  3. Configure an application secret for that application.
  4. Obtain the tenant name.

See the Configuring Azure AD app section for details.

In Netwrix Auditor:

Configure a monitored item using the Modern authentication option.

See Office 365 Tenant for details.

Example

This example shows how to instruct Netwrix Auditor to collect audit data from the Office 365 tenant copr@onmicrosoft.com using modern authentication. It assumes that you have prepared an Azure AD app with the required permissions, as explained in the Configuring Azure AD app section. Make sure you have the following at hand:

  • Tenant name
  • Application (client) ID
  • Application secret

Do the following:

  1. Create a monitoring plan for SharePoint Online.
  2. Proceed with adding a monitored item — Office 365 tenant. On the General tab, select Modern authentication as the authentication type to be used when accessing Office 365 services.
  3. Paste the tenant name you obtained at Step 4: Obtain tenant name.
  4. Enter the Azure AD app settings: the Application (client) ID and the application secret.
  5. Click Add.

See also Office 365 Tenant.