Office 365 Tenant
Types of data that can be collected by Netwrix Auditor from the Office 365 organization depend on the authentication option you choose, as explained in the table below.
IMPORTANT! This item-level option may influence data collection. In particular, if you decide to switch from basic to modern authentication, consider that state-in-time data for Exchange Online will be no longer collected— even if the related global setting Collect data for state-in-time reports is still enabled for the monitoring plan.
| Option | Azure AD audit | Exchange Online audit | SharePoint Online audit |
|---|---|---|---|
|
Modern authentication |
Activity data |
Activity data
|
Activity data State-in-time data |
| Basic authentication |
Activity data |
Activity data State-in-time data |
Activity data State-in-time data |
To configure Office 365 tenant as a monitored item:
1. On the General page of the item properties, specify Tenant name:
- If you are going to use Basic authentication, you can proceed to the next step – Tenant name will be filled in automatically after it.
- If you are going to use Modern authentication, paste the name you obtained at Step 4: Obtain tenant name when preparing your Azure AD app.
2. Select authentication method that will be used when accessing Office 365 services:
- With Basic authentication selected, Office 365 organization will be accessed on behalf of the user you specify.
- Enter User name and password; use any of the following formats: user@domain.com or user@domain.onmicrosoft.com.
- The Tenant name field then will be filled in automatically.
NOTE: Make sure this user account has sufficient access rights. See Accessing Azure AD using basic authentication
- With Modern authentication selected, Office 365 organization will be accessed using the Azure AD app you prepared (see Configuring Azure AD app). Enter:
- Application ID you prepared at Step 1. Create and register a new app in Azure AD
- Application secret you prepared at Step 3: Configure client secret
3. Click the Add button.
TIP: You can use a single account to collect audit data for different Office 365 services (Azure AD, Exchange Online, SharePoint Online); however, Netwrix recommends that you specify individual credentials for each of them.
NOTE: If you plan to collect and report on the audit data for Exchange Online non-owner mailbox access, consider that the value shown in the “Who” field in reports and search results will be displayed in UPN format (unlike the earlier Netwrix Auditor versions). This refers to the following scenarios:
- All new installations
- Upgrade from the previous versions if:
- Modern authentication is selected in the item settings after the upgrade
-OR-
- Modern authentication has ever been selected in the item settings and reverted back to Basic later