To collect audit data from your SharePoint Online and OneDrive for Business, Netwrix uses a dedicated Azure AD application and leverages the API access permissions granted to that app. To register this application and assign the required permissions, an Azure AD account with an administrative role is required:
- If your organization uses modern authentication for identity management:
  - The Azure AD application should be created manually by a user with an administrative role and assigned the required permissions. This app will allow you to collect both activity and state-in-time data. See Configuring Azure AD app for details.
  - You will need to provide the Azure AD app settings in the monitored item (Office 365 tenant) properties. See Office 365 Tenant for more information.
- If basic authentication is used:
  - An Azure AD application named Netwrix Auditor for Azure AD will be created automatically when Netwrix Auditor connects to the monitored item (Office 365 tenant) for the first time. Thus, you will need to prepare an Office 365 user account with an administrative role in Azure AD to create an app and perform initial data collection.
  - Provide this user name and password in the monitored item properties. See Office 365 Tenant for more information.
Permissions for ongoing data collection depend on the data you plan to collect:
- To collect both activity (event-based) and state-in-time data, the administrative role is still needed.
- To collect activity data only, the privileged role can be revoked from the specified account after the initial data collection.