Documentation Center
AlienVault® USM Anywhere™

Configuring the AlienApp for Office 365

  Role Availability   Read-Only   Analyst   Manager

After you configure the connection between the AlienApp for Office 365 and the Microsoft Office 365 Management Activity API for a deployed USM Anywhere Sensor, the predefined log collection job performs a query for Office 365 events. When USM Anywhere collects and analyzes the first of these events, the Office 365 dashboards are available in the DASHBOARDS menu (according the type of events that it collects).

Warning: Due to the design of the Office 365 Management Activity API, you may see events being delayed or received out of order. For more information, see Office 365 Event Latency.

This integration requires connectivity between your USM Anywhere Sensor and the Microsoft Office 365 Management Activity API. If you have a Sensor deployed in your Azure subscription, you should use this Sensor to configure the AlienApp. If you use a non-Azure Sensor, you must set your firewall permissions to allow the following ingress/egress connections for the Sensor.

Type Port Endpoint Purpose
TCP 443 https://login.windows.net/ Authentication for your Office 365 account
TCP 443 https://manage.office.com/api/v1.0/ Queries to retrieve log data from the Microsoft Office 365 Management Activity API

Before you configure the AlienApp for Office 365, make sure that you have the requirements set up in your Office 365 account for this integration.